From heather.schiller at verizonbusiness.com Mon Sep 21 10:30:03 2009 From: heather.schiller at verizonbusiness.com (Schiller, Heather A (HeatherSkanks)) Date: Mon, 21 Sep 2009 14:30:03 +0000 Subject: [arin-discuss] ARIN billing practice Message-ID: I was reading Chris Morrow's comment on Nanog - about spammers.. "The end of the discussion was along the lines of: "Yes, we know this guy is bad news, but he always comes to us with the proper paperwork and numbers, there's nothing in the current policy set to deny him address resources. Happily though he never pays his bill after the first 12 months so we just reclaim whatever resources are allocated then." (yes, comments about more address space ending up on BL's were made, and that he probably doesn't pay because after the first 3 months the address space is 'worthless' to him...)" ..and got to wondering, "Why doesn't ARIN charge first and last years "rent" on resource allocations?" If you notify ARIN before your bill is due, that you will be returning the resource and not renewing, you get a refund. If you don't notify ARIN and your bill lapses, then ARIN isn't out the money they would have gotten from you, during the time they hold your resource before/during revocation for non-payment. (since most folks keep using it, you should still have to pay for it..) I'm not claiming this would make the spam thing any better.. just raise the financial bar, make them have to do work if they want their money back. I don't know whether I'm even in favor of this or not.. but just about every other 'utility' type service has this practice, and maybe this is worth considering. Maybe there is a reason ARIN doesn't do this..? Thoughts? --Heather From jlewis at atlantic.net Mon Sep 21 10:37:06 2009 From: jlewis at atlantic.net (jlewis at atlantic.net) Date: Mon, 21 Sep 2009 10:37:06 -0400 (EDT) Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: Message-ID: On Mon, 21 Sep 2009, Schiller, Heather A (HeatherSkanks) wrote: > ..and got to wondering, "Why doesn't ARIN charge first and last years > "rent" on resource allocations?" > > If you notify ARIN before your bill is due, that you will be returning > the resource and not renewing, you get a refund. If you don't notify ARIN already does charge new members first year's dues in advance (before you get your initial allocation). Then, you get billed a year later, effectively paying in advance for the following year. -- ---------------------------------------------------------------------- Jon Lewis | Senior Network Engineer | Atlantic.net | ________ http://www.lewis.org/~jlewis/pgp for PGP public key__________ From john.sweeting at twcable.com Mon Sep 21 11:04:14 2009 From: john.sweeting at twcable.com (Sweeting, John) Date: Mon, 21 Sep 2009 11:04:14 -0400 Subject: [arin-discuss] ARIN billing practice References: Message-ID: <58174FA985B92A42B9E3142C4DD2CC0407E723D2@PRVPVSMAIL07.corp.twcable.com> I think Heather's point is if they have to pay first and last year up front then they basically cover the 1 year period when ARIN will not reissue the space. My question would be what would keep them from notifying ARIN and getting the refund? -----Original Message----- From: arin-discuss-bounces at arin.net on behalf of jlewis at atlantic.net Sent: Mon 9/21/2009 10:37 AM To: Schiller,Heather A (HeatherSkanks) Cc: arin-discuss at arin.net Subject: Re: [arin-discuss] ARIN billing practice On Mon, 21 Sep 2009, Schiller, Heather A (HeatherSkanks) wrote: > ..and got to wondering, "Why doesn't ARIN charge first and last years > "rent" on resource allocations?" > > If you notify ARIN before your bill is due, that you will be returning > the resource and not renewing, you get a refund. If you don't notify ARIN already does charge new members first year's dues in advance (before you get your initial allocation). Then, you get billed a year later, effectively paying in advance for the following year. -- ---------------------------------------------------------------------- Jon Lewis | Senior Network Engineer | Atlantic.net | ________ http://www.lewis.org/~jlewis/pgp for PGP public key__________ _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact info at arin.net if you experience any issues. This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. From jrhett at svcolo.com Mon Sep 21 11:19:34 2009 From: jrhett at svcolo.com (Jo Rhett) Date: Mon, 21 Sep 2009 08:19:34 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: Message-ID: There is also a much simpler change: ARIN could refuse allocations to people who are known bad payers. This will chop him off at the knees. On Sep 21, 2009, at 7:30 AM, Schiller, Heather A (HeatherSkanks) wrote: > I was reading Chris Morrow's comment on Nanog - about spammers.. > > "The end of the discussion was along the lines of: "Yes, we know this > guy is bad news, but he always comes to us with the proper paperwork > and > numbers, there's nothing in the current policy set to deny him address > resources. Happily though he never pays his bill after the first 12 > months so we just reclaim whatever resources are allocated > then." (yes, > comments about more address space ending up on BL's were made, and > that > he probably doesn't pay because after the first 3 months the address > space is 'worthless' to him...)" > > ..and got to wondering, "Why doesn't ARIN charge first and last years > "rent" on resource allocations?" > > If you notify ARIN before your bill is due, that you will be returning > the resource and not renewing, you get a refund. If you don't notify > ARIN and your bill lapses, then ARIN isn't out the money they would > have > gotten from you, during the time they hold your resource before/during > revocation for non-payment. (since most folks keep using it, you > should > still have to pay for it..) > > I'm not claiming this would make the spam thing any better.. just > raise > the financial bar, make them have to do work if they want their money > back. > > I don't know whether I'm even in favor of this or not.. but just about > every other 'utility' type service has this practice, and maybe this > is > worth considering. Maybe there is a reason ARIN doesn't do this..? > > Thoughts? > > --Heather > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. -- Jo Rhett Senior Network Engineer Silicon Valley Colocation Support Phone: 408-400-0550 From woody at pch.net Mon Sep 21 11:52:21 2009 From: woody at pch.net (Bill Woodcock) Date: Mon, 21 Sep 2009 08:52:21 -0700 (PDT) Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: Message-ID: > There is also a much simpler change: ARIN could refuse allocations to > people who are known bad payers. This will chop him off at the knees. I think you guys are _radically_ underestimating the willingness and ability of bad actors to do paperwork and pay fees. If you talk to Google Apps folks, you'll get a ver different story, for example. -Bill From alex.ryu at kdlinc.com Mon Sep 21 11:50:23 2009 From: alex.ryu at kdlinc.com (Alex Ryu) Date: Mon, 21 Sep 2009 10:50:23 -0500 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: Message-ID: <278B5E4BCD5E654385A9F83C7CA6D517CB2161372A@MAILBOX-01.qcommcorp.ad> I think that doesn't fly. ARIN is not law enforcement agency. Who's going to judge whether they are really known spammers? With what grounds? It may turn ARIN into legal battle for discrimination or something like that. Alex -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Jo Rhett Sent: Monday, September 21, 2009 10:20 AM To: Schiller, Heather A (HeatherSkanks) Cc: arin-discuss at arin.net Subject: Re: [arin-discuss] ARIN billing practice There is also a much simpler change: ARIN could refuse allocations to people who are known bad payers. This will chop him off at the knees. On Sep 21, 2009, at 7:30 AM, Schiller, Heather A (HeatherSkanks) wrote: > I was reading Chris Morrow's comment on Nanog - about spammers.. > > "The end of the discussion was along the lines of: "Yes, we know this > guy is bad news, but he always comes to us with the proper paperwork > and > numbers, there's nothing in the current policy set to deny him address > resources. Happily though he never pays his bill after the first 12 > months so we just reclaim whatever resources are allocated > then." (yes, > comments about more address space ending up on BL's were made, and > that > he probably doesn't pay because after the first 3 months the address > space is 'worthless' to him...)" > > ..and got to wondering, "Why doesn't ARIN charge first and last years > "rent" on resource allocations?" > > If you notify ARIN before your bill is due, that you will be returning > the resource and not renewing, you get a refund. If you don't notify > ARIN and your bill lapses, then ARIN isn't out the money they would > have > gotten from you, during the time they hold your resource before/during > revocation for non-payment. (since most folks keep using it, you > should > still have to pay for it..) > > I'm not claiming this would make the spam thing any better.. just > raise > the financial bar, make them have to do work if they want their money > back. > > I don't know whether I'm even in favor of this or not.. but just about > every other 'utility' type service has this practice, and maybe this > is > worth considering. Maybe there is a reason ARIN doesn't do this..? > > Thoughts? > > --Heather > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. -- Jo Rhett Senior Network Engineer Silicon Valley Colocation Support Phone: 408-400-0550 _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact info at arin.net if you experience any issues. From khunt at huntbrothers.com Mon Sep 21 12:05:43 2009 From: khunt at huntbrothers.com (W. Kevin Hunt) Date: Mon, 21 Sep 2009 11:05:43 -0500 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <278B5E4BCD5E654385A9F83C7CA6D517CB2161372A@MAILBOX-01.qcommcorp.ad> References: <278B5E4BCD5E654385A9F83C7CA6D517CB2161372A@MAILBOX-01.qcommcorp.ad> Message-ID: <871C3506-AD32-4F39-BCD1-167A7836CD45@huntbrothers.com> I'd have to agree with Alex. ARIN's decisions should be kept as close to "binary" as possible and lessen or remove any decisions that are "judgement" based. I hate spammers as well, but they are a byproduct of the open nature of the internet as a whole. And even if ARIN DID punish known spammers, they'll find someone to pay a few hundred dollars to for being the front man as far as an ARIN allocation requests goes. On Sep 21, 2009, at 10:50 AM, Alex Ryu wrote: > I think that doesn't fly. > ARIN is not law enforcement agency. > Who's going to judge whether they are really known spammers? > With what grounds? > It may turn ARIN into legal battle for discrimination or something > like that. > > Alex > > > -----Original Message----- > From: arin-discuss-bounces at arin.net [mailto:arin-discuss- > bounces at arin.net] On Behalf Of Jo Rhett > Sent: Monday, September 21, 2009 10:20 AM > To: Schiller, Heather A (HeatherSkanks) > Cc: arin-discuss at arin.net > Subject: Re: [arin-discuss] ARIN billing practice > > There is also a much simpler change: ARIN could refuse allocations > to people who are known bad payers. This will chop him off at the > knees. > From jrhett at svcolo.com Mon Sep 21 12:27:02 2009 From: jrhett at svcolo.com (Jo Rhett) Date: Mon, 21 Sep 2009 09:27:02 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <278B5E4BCD5E654385A9F83C7CA6D517CB2161372A@MAILBOX-01.qcommcorp.ad> References: <278B5E4BCD5E654385A9F83C7CA6D517CB2161372A@MAILBOX-01.qcommcorp.ad> Message-ID: <7CD93E06-86E0-4B1D-B15E-75F1EFD84AD6@svcolo.com> It's not a question of whether or not they are spammers. It's a question of whether or not they have a known bad payment history. Like any entity which collects money, ARIN knows who doesn't pay their bills. ARIN shouldn't provide allocations to them. On Sep 21, 2009, at 8:50 AM, Alex Ryu wrote: > I think that doesn't fly. > ARIN is not law enforcement agency. > Who's going to judge whether they are really known spammers? > With what grounds? > It may turn ARIN into legal battle for discrimination or something > like that. > > Alex > > > -----Original Message----- > From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net > ] On Behalf Of Jo Rhett > Sent: Monday, September 21, 2009 10:20 AM > To: Schiller, Heather A (HeatherSkanks) > Cc: arin-discuss at arin.net > Subject: Re: [arin-discuss] ARIN billing practice > > There is also a much simpler change: ARIN could refuse allocations > to people who are known bad payers. This will chop him off at the > knees. > > On Sep 21, 2009, at 7:30 AM, Schiller, Heather A (HeatherSkanks) > wrote: >> I was reading Chris Morrow's comment on Nanog - about spammers.. >> >> "The end of the discussion was along the lines of: "Yes, we know this >> guy is bad news, but he always comes to us with the proper paperwork >> and >> numbers, there's nothing in the current policy set to deny him >> address >> resources. Happily though he never pays his bill after the first 12 >> months so we just reclaim whatever resources are allocated >> then." (yes, >> comments about more address space ending up on BL's were made, and >> that >> he probably doesn't pay because after the first 3 months the address >> space is 'worthless' to him...)" >> >> ..and got to wondering, "Why doesn't ARIN charge first and last years >> "rent" on resource allocations?" >> >> If you notify ARIN before your bill is due, that you will be >> returning >> the resource and not renewing, you get a refund. If you don't notify >> ARIN and your bill lapses, then ARIN isn't out the money they would >> have >> gotten from you, during the time they hold your resource before/ >> during >> revocation for non-payment. (since most folks keep using it, you >> should >> still have to pay for it..) >> >> I'm not claiming this would make the spam thing any better.. just >> raise >> the financial bar, make them have to do work if they want their money >> back. >> >> I don't know whether I'm even in favor of this or not.. but just >> about >> every other 'utility' type service has this practice, and maybe this >> is >> worth considering. Maybe there is a reason ARIN doesn't do this..? >> >> Thoughts? >> >> --Heather >> _______________________________________________ >> ARIN-Discuss >> You are receiving this message because you are subscribed to >> the ARIN Discussion Mailing List (ARIN-discuss at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-discuss >> Please contact info at arin.net if you experience any issues. > > -- > Jo Rhett > Senior Network Engineer > > Silicon Valley Colocation > Support Phone: 408-400-0550 > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. -- Jo Rhett Senior Network Engineer Silicon Valley Colocation Support Phone: 408-400-0550 From alex.ryu at kdlinc.com Mon Sep 21 12:33:46 2009 From: alex.ryu at kdlinc.com (Alex Ryu) Date: Mon, 21 Sep 2009 11:33:46 -0500 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <7CD93E06-86E0-4B1D-B15E-75F1EFD84AD6@svcolo.com> References: <278B5E4BCD5E654385A9F83C7CA6D517CB2161372A@MAILBOX-01.qcommcorp.ad> <7CD93E06-86E0-4B1D-B15E-75F1EFD84AD6@svcolo.com> Message-ID: <278B5E4BCD5E654385A9F83C7CA6D517CB21613750@MAILBOX-01.qcommcorp.ad> I think that's billing department internal policy. And they are already forcing the policy that if you don't pay first/initial fee, no IP Address or ASN will be issued. If they are really bad guys, they won't use their name. So why should we put this into policy? As I said, ARIN is already collecting fee first, then issue the number resources. If there is any unpaid bill, I'm sure ARIN Billing department will make comment about that during initial application. For on-going application, I'm sure that the membership organization will be checked for whether they are good-standing member or not. So I think it is already enforced by ARIN as a part of internal policy. I don't think it is necessary to list all stuffs as another policy. Alex -----Original Message----- From: Jo Rhett [mailto:jrhett at svcolo.com] Sent: Monday, September 21, 2009 11:27 AM To: Alex Ryu Cc: Schiller, Heather A (HeatherSkanks); arin-discuss at arin.net Subject: Re: [arin-discuss] ARIN billing practice It's not a question of whether or not they are spammers. It's a question of whether or not they have a known bad payment history. Like any entity which collects money, ARIN knows who doesn't pay their bills. ARIN shouldn't provide allocations to them. On Sep 21, 2009, at 8:50 AM, Alex Ryu wrote: > I think that doesn't fly. > ARIN is not law enforcement agency. > Who's going to judge whether they are really known spammers? > With what grounds? > It may turn ARIN into legal battle for discrimination or something > like that. > > Alex > > > -----Original Message----- > From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net > ] On Behalf Of Jo Rhett > Sent: Monday, September 21, 2009 10:20 AM > To: Schiller, Heather A (HeatherSkanks) > Cc: arin-discuss at arin.net > Subject: Re: [arin-discuss] ARIN billing practice > > There is also a much simpler change: ARIN could refuse allocations > to people who are known bad payers. This will chop him off at the > knees. > > On Sep 21, 2009, at 7:30 AM, Schiller, Heather A (HeatherSkanks) > wrote: >> I was reading Chris Morrow's comment on Nanog - about spammers.. >> >> "The end of the discussion was along the lines of: "Yes, we know this >> guy is bad news, but he always comes to us with the proper paperwork >> and >> numbers, there's nothing in the current policy set to deny him >> address >> resources. Happily though he never pays his bill after the first 12 >> months so we just reclaim whatever resources are allocated >> then." (yes, >> comments about more address space ending up on BL's were made, and >> that >> he probably doesn't pay because after the first 3 months the address >> space is 'worthless' to him...)" >> >> ..and got to wondering, "Why doesn't ARIN charge first and last years >> "rent" on resource allocations?" >> >> If you notify ARIN before your bill is due, that you will be >> returning >> the resource and not renewing, you get a refund. If you don't notify >> ARIN and your bill lapses, then ARIN isn't out the money they would >> have >> gotten from you, during the time they hold your resource before/ >> during >> revocation for non-payment. (since most folks keep using it, you >> should >> still have to pay for it..) >> >> I'm not claiming this would make the spam thing any better.. just >> raise >> the financial bar, make them have to do work if they want their money >> back. >> >> I don't know whether I'm even in favor of this or not.. but just >> about >> every other 'utility' type service has this practice, and maybe this >> is >> worth considering. Maybe there is a reason ARIN doesn't do this..? >> >> Thoughts? >> >> --Heather >> _______________________________________________ >> ARIN-Discuss >> You are receiving this message because you are subscribed to >> the ARIN Discussion Mailing List (ARIN-discuss at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-discuss >> Please contact info at arin.net if you experience any issues. > > -- > Jo Rhett > Senior Network Engineer > > Silicon Valley Colocation > Support Phone: 408-400-0550 > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. -- Jo Rhett Senior Network Engineer Silicon Valley Colocation Support Phone: 408-400-0550 From jcurran at arin.net Mon Sep 21 12:47:53 2009 From: jcurran at arin.net (John Curran) Date: Mon, 21 Sep 2009 12:47:53 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: Message-ID: On Sep 21, 2009, at 8:52 AM, Bill Woodcock wrote: > >> There is also a much simpler change: ARIN could refuse >> allocations to >> people who are known bad payers. This will chop him off at the >> knees. > > I think you guys are _radically_ underestimating the willingness and > ability of bad actors to do paperwork and pay fees. ... Alas, Bill is correct: bad actors are quite willing to find fresh associates to register under, and are likely to have great payment history until the organization simply closes shop and moves on. It might be possible to find some common on nameservers, or upstream providers after ARIN's done the allocation and it's been put to use, but that's too late for these purposes. /John John Curran President and CEO ARIN From shon at unwiredbb.com Mon Sep 21 12:36:45 2009 From: shon at unwiredbb.com (Shon Elliott) Date: Mon, 21 Sep 2009 09:36:45 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <7CD93E06-86E0-4B1D-B15E-75F1EFD84AD6@svcolo.com> References: <278B5E4BCD5E654385A9F83C7CA6D517CB2161372A@MAILBOX-01.qcommcorp.ad> <7CD93E06-86E0-4B1D-B15E-75F1EFD84AD6@svcolo.com> Message-ID: <43BAB891D6D01742AFDEA3D62DCE9E5D25168E@uwbb-cat2.unwiredbb.local> In my (unfortunate) experience, spammers don't usually have a problem paying their bills. I've seen this years past at previous ISPs I have worked for, and the spammers are actually the best paying clients. They're always on time. It's not like they don't have the (dirty) money. -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Jo Rhett Sent: Monday, September 21, 2009 9:27 AM To: Alex Ryu Cc: arin-discuss at arin.net Subject: Re: [arin-discuss] ARIN billing practice It's not a question of whether or not they are spammers. It's a question of whether or not they have a known bad payment history. Like any entity which collects money, ARIN knows who doesn't pay their bills. ARIN shouldn't provide allocations to them. On Sep 21, 2009, at 8:50 AM, Alex Ryu wrote: > I think that doesn't fly. > ARIN is not law enforcement agency. > Who's going to judge whether they are really known spammers? > With what grounds? > It may turn ARIN into legal battle for discrimination or something > like that. > > Alex > > > -----Original Message----- > From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net > ] On Behalf Of Jo Rhett > Sent: Monday, September 21, 2009 10:20 AM > To: Schiller, Heather A (HeatherSkanks) > Cc: arin-discuss at arin.net > Subject: Re: [arin-discuss] ARIN billing practice > > There is also a much simpler change: ARIN could refuse allocations > to people who are known bad payers. This will chop him off at the > knees. > > On Sep 21, 2009, at 7:30 AM, Schiller, Heather A (HeatherSkanks) > wrote: >> I was reading Chris Morrow's comment on Nanog - about spammers.. >> >> "The end of the discussion was along the lines of: "Yes, we know this >> guy is bad news, but he always comes to us with the proper paperwork >> and >> numbers, there's nothing in the current policy set to deny him >> address >> resources. Happily though he never pays his bill after the first 12 >> months so we just reclaim whatever resources are allocated >> then." (yes, >> comments about more address space ending up on BL's were made, and >> that >> he probably doesn't pay because after the first 3 months the address >> space is 'worthless' to him...)" >> >> ..and got to wondering, "Why doesn't ARIN charge first and last years >> "rent" on resource allocations?" >> >> If you notify ARIN before your bill is due, that you will be >> returning >> the resource and not renewing, you get a refund. If you don't notify >> ARIN and your bill lapses, then ARIN isn't out the money they would >> have >> gotten from you, during the time they hold your resource before/ >> during >> revocation for non-payment. (since most folks keep using it, you >> should >> still have to pay for it..) >> >> I'm not claiming this would make the spam thing any better.. just >> raise >> the financial bar, make them have to do work if they want their money >> back. >> >> I don't know whether I'm even in favor of this or not.. but just >> about >> every other 'utility' type service has this practice, and maybe this >> is >> worth considering. Maybe there is a reason ARIN doesn't do this..? >> >> Thoughts? >> >> --Heather >> _______________________________________________ >> ARIN-Discuss >> You are receiving this message because you are subscribed to >> the ARIN Discussion Mailing List (ARIN-discuss at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-discuss >> Please contact info at arin.net if you experience any issues. > > -- > Jo Rhett > Senior Network Engineer > > Silicon Valley Colocation > Support Phone: 408-400-0550 > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. -- Jo Rhett Senior Network Engineer Silicon Valley Colocation Support Phone: 408-400-0550 _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact info at arin.net if you experience any issues. From mahannig at akamai.com Mon Sep 21 12:56:54 2009 From: mahannig at akamai.com (Hannigan, Martin) Date: Mon, 21 Sep 2009 12:56:54 -0400 Subject: [arin-discuss] Petition Support Was: Re: [arin-announce] ARIN Advisory Council Petition for Thomas Leonard -Voice Your Support by 6 October 17:00 EDT In-Reply-To: <4AB7A340.306@arin.net> Message-ID: On 9/21/09 12:01 PM, "Member Services" wrote: > Thomas Leonard is seeking your support for his petition to run for the > ARIN Advisory Council. To read his brief biography and candidate > questionnaire, please visit: > > https://www.arin.net/app/election/questionnaire/view?elec_id=16&candidate_id=2 > 02 > > To be considered a candidate, Thomas Leonard must receive support from > 172 designated member representatives from ARIN's General Members in > good standing. > > "What's up with petitions for AC?" In years past, you could... 1. Run for the ARIN AC 2. Submit the required "papers" on-time 3. Be deemed eligible to run 4. Pitch to the members directly 5. Win or lose on your own merits THIS year, you could ... 1. Run for the ARIN AC 2. Submit your required ?papers? on-time 3. Be deemed eligible to run 4. Not be _chosen by the AC nom_com to run There is nothing devious at play. As it was explained to me, candidate stump time on the podium at the meeting was considered a big problem. A large number of candidates submitted themselves to the process (and fully expected to be able to run). A by-law that has always been previously interpreted to support a minimum number of candidates was instead interpreted as a way to create a maximum number. I would suggest that any candidate that petitions gets support from all. Good luck to _all_ candidates. Best Regards, -M< -- Martin Hannigan http://www.akamai.com Akamai Technologies, Inc. marty at akamai.com Cambridge, MA USA cell: +16178216079 ofc: +16174442535 From tedm at ipinc.net Mon Sep 21 13:05:52 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 21 Sep 2009 10:05:52 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: Message-ID: <4AB7B270.6070500@ipinc.net> John Curran wrote: > On Sep 21, 2009, at 8:52 AM, Bill Woodcock wrote: >>> There is also a much simpler change: ARIN could refuse >>> allocations to >>> people who are known bad payers. This will chop him off at the >>> knees. >> I think you guys are _radically_ underestimating the willingness and >> ability of bad actors to do paperwork and pay fees. ... > > Alas, Bill is correct: bad actors are quite willing to find fresh > associates to register under, and are likely to have great payment > history until the organization simply closes shop and moves on. It > might be possible to find some common on nameservers, or upstream > providers after ARIN's done the allocation and it's been put to use, > but that's too late for these purposes. > As it has been said many times, on many anti-spam forums, the root of the spam problem is people who receive spams who then go on to send money to the spammers. As long as you have ignorance, mankind will have those criminals who prey on it. "This boy is Ignorance. This girl is Want. Beware them both, and all of their degree, but most of all beware this boy, for on his brow I see that written which is Doom, unless the writing be erased."--- Dickens, A Christmas Carol Ted From ndavis at arin.net Mon Sep 21 13:13:56 2009 From: ndavis at arin.net (Nate Davis) Date: Mon, 21 Sep 2009 13:13:56 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: Message-ID: Allow me to shed some light on ARIN's current practice for clarity of the discussion. ARIN charges new organization's first year initial fees in advance, when the application is approved, but prior to issuance of any Internet Number Resources. Subsequently, ARIN invoices annually based on the anniversary date of an organizations initial allocation/assignment (renewals and/or maintenance). As a result, organizations pay, in advance for one year, for services and use of the Internet Number Resources. In the event that an organization becomes past due with any invoices, ARIN will begin to seek revocation of these resources after three months. If revoked, ARIN will hold revoked resources for at least one year before reissuing these resources to another organization. In regard to refunds, per Section 6, part b of ARIN's Registration Service Agreement, "No Refunds. All fees paid to Applicant to ARIN are deemed fully earned upon receipt and are nonrefundable." Therefore ARIN will not refund any portion of a payment. Nate Davis Chief Operating Officer The American Registry for Internet Numbers -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Schiller, Heather A (HeatherSkanks) Sent: Monday, September 21, 2009 10:30 AM To: arin-discuss at arin.net Subject: [arin-discuss] ARIN billing practice I was reading Chris Morrow's comment on Nanog - about spammers.. "The end of the discussion was along the lines of: "Yes, we know this guy is bad news, but he always comes to us with the proper paperwork and numbers, there's nothing in the current policy set to deny him address resources. Happily though he never pays his bill after the first 12 months so we just reclaim whatever resources are allocated then." (yes, comments about more address space ending up on BL's were made, and that he probably doesn't pay because after the first 3 months the address space is 'worthless' to him...)" ..and got to wondering, "Why doesn't ARIN charge first and last years "rent" on resource allocations?" If you notify ARIN before your bill is due, that you will be returning the resource and not renewing, you get a refund. If you don't notify ARIN and your bill lapses, then ARIN isn't out the money they would have gotten from you, during the time they hold your resource before/during revocation for non-payment. (since most folks keep using it, you should still have to pay for it..) I'm not claiming this would make the spam thing any better.. just raise the financial bar, make them have to do work if they want their money back. I don't know whether I'm even in favor of this or not.. but just about every other 'utility' type service has this practice, and maybe this is worth considering. Maybe there is a reason ARIN doesn't do this..? Thoughts? --Heather _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact info at arin.net if you experience any issues. From owen at delong.com Mon Sep 21 15:15:04 2009 From: owen at delong.com (Owen DeLong) Date: Mon, 21 Sep 2009 12:15:04 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: Message-ID: <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> What about a policy that covers the situation of repeated receipt and reclamation? For example: 1. Standard process applies the first time you get address space as it does today. 2. You return the space or fail to pay your bill. 3. You come back for a second round of addresses on a new "initial" application. Based on your history, you are expected to front a deposit for your next two years renewal as well, 50% of which is refundable if you return your space at the end of the first year. (In other words, you pay 3 years up front, if you only use 1, you get 1 back, costs you two.) If you use for more than a year, the deposit is forfeit, but, you don't owe fees until you begin your fourth year of utilization. 4. You return the space, get your one year refund, and subsequently apply for a 3rd round of addressing on yet another new application. 5. This time, you're still charged on the 3-year deposit basis, but, it is completely non-refundable. Thoughts? Owen On Sep 21, 2009, at 7:30 AM, Schiller, Heather A (HeatherSkanks) wrote: > > I was reading Chris Morrow's comment on Nanog - about spammers.. > > "The end of the discussion was along the lines of: "Yes, we know this > guy is bad news, but he always comes to us with the proper paperwork > and > numbers, there's nothing in the current policy set to deny him address > resources. Happily though he never pays his bill after the first 12 > months so we just reclaim whatever resources are allocated > then." (yes, > comments about more address space ending up on BL's were made, and > that > he probably doesn't pay because after the first 3 months the address > space is 'worthless' to him...)" > > ..and got to wondering, "Why doesn't ARIN charge first and last years > "rent" on resource allocations?" > > If you notify ARIN before your bill is due, that you will be returning > the resource and not renewing, you get a refund. If you don't notify > ARIN and your bill lapses, then ARIN isn't out the money they would > have > gotten from you, during the time they hold your resource before/during > revocation for non-payment. (since most folks keep using it, you > should > still have to pay for it..) > > I'm not claiming this would make the spam thing any better.. just > raise > the financial bar, make them have to do work if they want their money > back. > > I don't know whether I'm even in favor of this or not.. but just about > every other 'utility' type service has this practice, and maybe this > is > worth considering. Maybe there is a reason ARIN doesn't do this..? > > Thoughts? > > --Heather > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. From jcurran at arin.net Mon Sep 21 15:50:21 2009 From: jcurran at arin.net (John Curran) Date: Mon, 21 Sep 2009 15:50:21 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> References: <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> Message-ID: <2CDFD2F0-B6B5-435E-876A-55C0ED3C87CC@arin.net> Owen - What problem is this billing practice intended to solve? /John John Curran ARIN President & CEO On Sep 21, 2009, at 12:15 PM, Owen DeLong wrote: > What about a policy that covers the situation of repeated receipt and > reclamation? For example: > > 1. Standard process applies the first time you get address space > as it does today. > > 2. You return the space or fail to pay your bill. > > 3. You come back for a second round of addresses on a new "initial" > application. Based on your history, you are expected to front a > deposit > for your next two years renewal as well, 50% of which is refundable > if you return your space at the end of the first year. (In other > words, > you pay 3 years up front, if you only use 1, you get 1 back, costs > you > two.) If you use for more than a year, the deposit is forfeit, > but, you don't > owe fees until you begin your fourth year of utilization. > > 4. You return the space, get your one year refund, and subsequently > apply for a 3rd round of addressing on yet another new application. > > 5. This time, you're still charged on the 3-year deposit basis, but, > it is > completely non-refundable. > > Thoughts? > > Owen From scottleibrand at gmail.com Mon Sep 21 15:38:40 2009 From: scottleibrand at gmail.com (Scott Leibrand) Date: Mon, 21 Sep 2009 12:38:40 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> References: <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> Message-ID: <4AB7D640.2010101@gmail.com> Again, we have the problem of defining "you". If each new application comes from a different org, how do you define whether to apply this policy? It's trivial to create a new corporation for each request, and state corporate privacy laws make it almost impossible to determine who's behind such a corporation. -Scott Owen DeLong wrote: > What about a policy that covers the situation of repeated receipt and > reclamation? For example: > > 1. Standard process applies the first time you get address space > as it does today. > > 2. You return the space or fail to pay your bill. > > 3. You come back for a second round of addresses on a new "initial" > application. Based on your history, you are expected to front a > deposit > for your next two years renewal as well, 50% of which is refundable > if you return your space at the end of the first year. (In other > words, > you pay 3 years up front, if you only use 1, you get 1 back, costs > you > two.) If you use for more than a year, the deposit is forfeit, > but, you don't > owe fees until you begin your fourth year of utilization. > > 4. You return the space, get your one year refund, and subsequently > apply for a 3rd round of addressing on yet another new application. > > 5. This time, you're still charged on the 3-year deposit basis, > but, it is > completely non-refundable. > > Thoughts? > > Owen > > On Sep 21, 2009, at 7:30 AM, Schiller, Heather A (HeatherSkanks) wrote: > >> >> I was reading Chris Morrow's comment on Nanog - about spammers.. >> >> "The end of the discussion was along the lines of: "Yes, we know this >> guy is bad news, but he always comes to us with the proper paperwork and >> numbers, there's nothing in the current policy set to deny him address >> resources. Happily though he never pays his bill after the first 12 >> months so we just reclaim whatever resources are allocated then." (yes, >> comments about more address space ending up on BL's were made, and that >> he probably doesn't pay because after the first 3 months the address >> space is 'worthless' to him...)" >> >> ..and got to wondering, "Why doesn't ARIN charge first and last years >> "rent" on resource allocations?" >> >> If you notify ARIN before your bill is due, that you will be returning >> the resource and not renewing, you get a refund. If you don't notify >> ARIN and your bill lapses, then ARIN isn't out the money they would have >> gotten from you, during the time they hold your resource before/during >> revocation for non-payment. (since most folks keep using it, you should >> still have to pay for it..) >> >> I'm not claiming this would make the spam thing any better.. just raise >> the financial bar, make them have to do work if they want their money >> back. >> >> I don't know whether I'm even in favor of this or not.. but just about >> every other 'utility' type service has this practice, and maybe this is >> worth considering. Maybe there is a reason ARIN doesn't do this..? >> >> Thoughts? >> >> --Heather >> _______________________________________________ >> ARIN-Discuss >> You are receiving this message because you are subscribed to >> the ARIN Discussion Mailing List (ARIN-discuss at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-discuss >> Please contact info at arin.net if you experience any issues. > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. From joelja at bogus.com Mon Sep 21 15:55:55 2009 From: joelja at bogus.com (Joel Jaeggli) Date: Mon, 21 Sep 2009 12:55:55 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: Message-ID: <4AB7DA4B.7000103@bogus.com> I've worked for a few large corporations and several times I found it necessary to expense our annual fees in order to attend the ARIN meeting. notwithstanding how accounts payable works in a company with 100,000 people the lights don't turn off immediately when the arin bill doesn't get payed, so like bill I wouldn't make assumptions about who isn't paying their ARIN invoice. Bill Woodcock wrote: > > There is also a much simpler change: ARIN could refuse allocations to > > people who are known bad payers. This will chop him off at the knees. > > I think you guys are _radically_ underestimating the willingness and > ability of bad actors to do paperwork and pay fees. If you talk to Google > Apps folks, you'll get a ver different story, for example. > > -Bill > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. > From farmer at umn.edu Mon Sep 21 16:33:17 2009 From: farmer at umn.edu (David Farmer) Date: Mon, 21 Sep 2009 15:33:17 -0500 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> References: , <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> Message-ID: <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> On 21 Sep 2009 Owen DeLong wrote: > What about a policy that covers the situation of repeated receipt and > reclamation? For example: > > 1. Standard process applies the first time you get address space > as it does today. > > 2. You return the space or fail to pay your bill. > > 3. You come back for a second round of addresses on a new "initial" > application. Based on your history, you are expected to front a deposit > for your next two years renewal as well, 50% of which is refundable > if you return your space at the end of the first year. (In other words, > you pay 3 years up front, if you only use 1, you get 1 back, costs you > two.) If you use for more than a year, the deposit is forfeit, but, > you don't > owe fees until you begin your fourth year of utilization. Refunds can create accounting issues, they may be considered future liabilities and need to be carried on the books until the second year of registration is started. I'm not an accountant so I don't know all the details. But I know accountants don't like refunds, especially ones built-in to a process. I suspect this is why ARIN has no refunds written into their current contracts. So I would suggest going with a non- refundable charge even at this step. > 4. You return the space, get your one year refund, and subsequently > apply for a 3rd round of addressing on yet another new application. > > 5. This time, you're still charged on the 3-year deposit basis, but, > it is > completely non-refundable. > > Thoughts? I guess I wouldn't oppose such a process, procedure, or policy. But, I would want some evidence that it would have an effect. FWIW, this sounds more like a billing procedure or issues to me, that staff and the board should deal with rather than a policy that should go through the Policy Development Process. This doesn't seem to negatively effect the normal good actors, and wouldn't even greatly effect people that don't pay there bills on time. First they would have to let the bill go more than a year delinquent, and then they would just have to pay ahead a little. They still get two or three years of registration, they are just required to pay it a head of time. But, no one should view this as a magic bullet. As has been said this kind of thing isn't really going to stop spamers or other bad actors. At best it might stop a few of the dumb or lazy ones, it really only slightly raises the bar for most spamers. Finally, this would really need to be happening more than once or twice a year to justify making any changes to the processes. If something like this were put into place how often would it come into effect? And, how many of those are suspected spammers? =============================================== David Farmer Email:farmer at umn.edu Office of Information Technology Networking & Telecomunication Services University of Minnesota Phone: 612-626-0815 2218 University Ave SE Cell: 612-812-9952 Minneapolis, MN 55414-3029 FAX: 612-626-1818 =============================================== From scheesman at level365.com Mon Sep 21 16:50:02 2009 From: scheesman at level365.com (Sean Cheesman) Date: Mon, 21 Sep 2009 16:50:02 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> References: , <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> Message-ID: Maybe I'm just simplifying this too much, but why doesn't ARIN just do everything possible (Articles of Incorporation, verification of identity, etc) so that when spammers do misuse these blocks the authorities actually have good contact information for those responsible? As it was said, ARIN is not a policing body, but that doesn't mean that they can't enact policies that will help those that can police. -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of David Farmer Sent: Monday, September 21, 2009 4:33 PM To: Owen DeLong; arin-discuss at arin.net Subject: Re: [arin-discuss] ARIN billing practice On 21 Sep 2009 Owen DeLong wrote: > What about a policy that covers the situation of repeated receipt and > reclamation? For example: > > 1. Standard process applies the first time you get address space > as it does today. > > 2. You return the space or fail to pay your bill. > > 3. You come back for a second round of addresses on a new "initial" > application. Based on your history, you are expected to front a deposit > for your next two years renewal as well, 50% of which is refundable > if you return your space at the end of the first year. (In other words, > you pay 3 years up front, if you only use 1, you get 1 back, costs you > two.) If you use for more than a year, the deposit is forfeit, but, > you don't > owe fees until you begin your fourth year of utilization. Refunds can create accounting issues, they may be considered future liabilities and need to be carried on the books until the second year of registration is started. I'm not an accountant so I don't know all the details. But I know accountants don't like refunds, especially ones built-in to a process. I suspect this is why ARIN has no refunds written into their current contracts. So I would suggest going with a non- refundable charge even at this step. > 4. You return the space, get your one year refund, and subsequently > apply for a 3rd round of addressing on yet another new application. > > 5. This time, you're still charged on the 3-year deposit basis, but, > it is > completely non-refundable. > > Thoughts? I guess I wouldn't oppose such a process, procedure, or policy. But, I would want some evidence that it would have an effect. FWIW, this sounds more like a billing procedure or issues to me, that staff and the board should deal with rather than a policy that should go through the Policy Development Process. This doesn't seem to negatively effect the normal good actors, and wouldn't even greatly effect people that don't pay there bills on time. First they would have to let the bill go more than a year delinquent, and then they would just have to pay ahead a little. They still get two or three years of registration, they are just required to pay it a head of time. But, no one should view this as a magic bullet. As has been said this kind of thing isn't really going to stop spamers or other bad actors. At best it might stop a few of the dumb or lazy ones, it really only slightly raises the bar for most spamers. Finally, this would really need to be happening more than once or twice a year to justify making any changes to the processes. If something like this were put into place how often would it come into effect? And, how many of those are suspected spammers? =============================================== David Farmer Email:farmer at umn.edu Office of Information Technology Networking & Telecomunication Services University of Minnesota Phone: 612-626-0815 2218 University Ave SE Cell: 612-812-9952 Minneapolis, MN 55414-3029 FAX: 612-626-1818 =============================================== _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact info at arin.net if you experience any issues. From owen at delong.com Mon Sep 21 16:47:59 2009 From: owen at delong.com (Owen DeLong) Date: Mon, 21 Sep 2009 13:47:59 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> References: , <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> Message-ID: <8CAF43E7-3DFA-43C9-9903-2368E21CDEB0@delong.com> On Sep 21, 2009, at 1:33 PM, David Farmer wrote: > On 21 Sep 2009 Owen DeLong wrote: > >> What about a policy that covers the situation of repeated receipt and >> reclamation? For example: >> >> 1. Standard process applies the first time you get address space >> as it does today. >> >> 2. You return the space or fail to pay your bill. >> >> 3. You come back for a second round of addresses on a new "initial" >> application. Based on your history, you are expected to front a >> deposit >> for your next two years renewal as well, 50% of which is refundable >> if you return your space at the end of the first year. (In other >> words, >> you pay 3 years up front, if you only use 1, you get 1 back, costs >> you >> two.) If you use for more than a year, the deposit is forfeit, but, >> you don't >> owe fees until you begin your fourth year of utilization. > > Refunds can create accounting issues, they may be > considered future liabilities and need to be carried on the > books until the second year of registration is started. I'm not > an accountant so I don't know all the details. But I know > accountants don't like refunds, especially ones built-in to a > process. I suspect this is why ARIN has no refunds written into > their current contracts. So I would suggest going with a non- > refundable charge even at this step. > I didn't want the policy to be punitive to organizations that may be legitimate, but, go out of business in a year or whatever. >> 4. You return the space, get your one year refund, and subsequently >> apply for a 3rd round of addressing on yet another new application. >> >> 5. This time, you're still charged on the 3-year deposit basis, but, >> it is >> completely non-refundable. >> >> Thoughts? > > I guess I wouldn't oppose such a process, procedure, or policy. > But, I would want some evidence that it would have an effect. > FWIW, this sounds more like a billing procedure or issues to > me, that staff and the board should deal with rather than a > policy that should go through the Policy Development Process. > Maybe that's why the ARIN membership is discussing this on ARIN-DISCUSS instead of the public discussing it on PPML. > This doesn't seem to negatively effect the normal good actors, > and wouldn't even greatly effect people that don't pay there > bills on time. First they would have to let the bill go more than > a year delinquent, and then they would just have to pay ahead > a little. They still get two or three years of registration, they are > just required to pay it a head of time. > > But, no one should view this as a magic bullet. As has been > said this kind of thing isn't really going to stop spamers or other > bad actors. At best it might stop a few of the dumb or lazy > ones, it really only slightly raises the bar for most spamers. > Of course it's not a magic bullet. While I would certainly welcome any more effective solution, I don't have one handy. Owen From tedm at ipinc.net Mon Sep 21 17:08:40 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 21 Sep 2009 14:08:40 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <8CAF43E7-3DFA-43C9-9903-2368E21CDEB0@delong.com> References: , <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> <8CAF43E7-3DFA-43C9-9903-2368E21CDEB0@delong.com> Message-ID: <4AB7EB58.90304@ipinc.net> Owen DeLong wrote: > > On Sep 21, 2009, at 1:33 PM, David Farmer wrote: > >> On 21 Sep 2009 Owen DeLong wrote: >> >>> What about a policy that covers the situation of repeated receipt and >>> reclamation? For example: >>> >>> 1. Standard process applies the first time you get address space >>> as it does today. >>> >>> 2. You return the space or fail to pay your bill. >>> >>> 3. You come back for a second round of addresses on a new "initial" >>> application. Based on your history, you are expected to front a >>> deposit >>> for your next two years renewal as well, 50% of which is refundable >>> if you return your space at the end of the first year. (In other >>> words, >>> you pay 3 years up front, if you only use 1, you get 1 back, >>> costs you >>> two.) If you use for more than a year, the deposit is forfeit, but, >>> you don't >>> owe fees until you begin your fourth year of utilization. >> >> Refunds can create accounting issues, they may be >> considered future liabilities and need to be carried on the >> books until the second year of registration is started. I'm not >> an accountant so I don't know all the details. But I know >> accountants don't like refunds, especially ones built-in to a >> process. I suspect this is why ARIN has no refunds written into >> their current contracts. So I would suggest going with a non- >> refundable charge even at this step. >> > I didn't want the policy to be punitive to organizations that may > be legitimate, but, go out of business in a year or whatever. > The problem is this is 10 times worse if the org goes out of business. If a company goes out of business, and has a refund due, what the company (ARIN in this case) has to do with a refund is governed by (at least in the United States) the laws of the state the company is in. In California, I think the requirement is ARIN would have to take out a newspaper advert, then turn the money over to the state dept. of unclaimed funds. There's specific times and dates that have to be observed. This is going to be different for most states. And that's just in the US. I hate to think of all of the other conflicting regulations on unclaimed funds in other jurisdictions. Ted From jer at mia.net Mon Sep 21 17:29:28 2009 From: jer at mia.net (Jeremy Anthony Kinsey) Date: Mon, 21 Sep 2009 16:29:28 -0500 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: , <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> Message-ID: <565F44B0-68FC-45EC-BC6A-C2E5ABC7416C@mia.net> On Sep 21, 2009, at 3:50 PM, Sean Cheesman wrote: > Maybe I'm just simplifying this too much, but why doesn't ARIN just > do everything possible (Articles of Incorporation, verification of > identity, etc) so that when spammers do misuse these blocks the > authorities actually have good contact information for those > responsible? As it was said, ARIN is not a policing body, but that > doesn't mean that they can't enact policies that will help those > that can police. While I can appreciate your intentions and frustration, last I checked spam was not a crime. Annoying, yes, illegal? No. Besides all this is going to do is entice people to submit more bogus info. -jer From scheesman at level365.com Mon Sep 21 17:32:23 2009 From: scheesman at level365.com (Sean Cheesman) Date: Mon, 21 Sep 2009 17:32:23 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <565F44B0-68FC-45EC-BC6A-C2E5ABC7416C@mia.net> References: , <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> <565F44B0-68FC-45EC-BC6A-C2E5ABC7416C@mia.net> Message-ID: My bad. I thought the CAN-SPAM act allowed for criminal charges against companies that don't comply with regulation. Guess I'm living in an alternate universe... http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003#Criminal_enforcement -----Original Message----- From: Jeremy Anthony Kinsey [mailto:jer at mia.net] Sent: Monday, September 21, 2009 5:29 PM To: Sean Cheesman Cc: David Farmer; Owen DeLong; arin-discuss at arin.net Subject: Re: [arin-discuss] ARIN billing practice On Sep 21, 2009, at 3:50 PM, Sean Cheesman wrote: > Maybe I'm just simplifying this too much, but why doesn't ARIN just > do everything possible (Articles of Incorporation, verification of > identity, etc) so that when spammers do misuse these blocks the > authorities actually have good contact information for those > responsible? As it was said, ARIN is not a policing body, but that > doesn't mean that they can't enact policies that will help those > that can police. While I can appreciate your intentions and frustration, last I checked spam was not a crime. Annoying, yes, illegal? No. Besides all this is going to do is entice people to submit more bogus info. -jer From jer at mia.net Mon Sep 21 17:46:58 2009 From: jer at mia.net (Jeremy Anthony Kinsey) Date: Mon, 21 Sep 2009 16:46:58 -0500 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: , <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> <565F44B0-68FC-45EC-BC6A-C2E5ABC7416C@mia.net> Message-ID: <9CD46289-D95D-4103-8FF7-D03EBC040643@mia.net> Almost every spam I get contains something that "complies" with that "regulation". I really do not want to argue the semantics of a law that remains relatively ineffective and unenforceable as it is written. It does not outlaw or make illegal the act of sending UCE. What it does is says if you are going to do it, you need to accommodate those that do not want to receive such UCE by way of providing a removal system or valid contact address. As such, most of these places do. Again, annoying, yes. Illegal no. Anyway Sean, my original point was that asking ARIN to act as an enforcement or entrapment agent is likely not the solution here and would probably do more harm than good. -jer On Sep 21, 2009, at 4:32 PM, Sean Cheesman wrote: > My bad. I thought the CAN-SPAM act allowed for criminal charges > against companies that don't comply with regulation. Guess I'm > living in an alternate universe... > > http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003#Criminal_enforcement > > -----Original Message----- > From: Jeremy Anthony Kinsey [mailto:jer at mia.net] > Sent: Monday, September 21, 2009 5:29 PM > To: Sean Cheesman > Cc: David Farmer; Owen DeLong; arin-discuss at arin.net > Subject: Re: [arin-discuss] ARIN billing practice > > > On Sep 21, 2009, at 3:50 PM, Sean Cheesman wrote: > >> Maybe I'm just simplifying this too much, but why doesn't ARIN just >> do everything possible (Articles of Incorporation, verification of >> identity, etc) so that when spammers do misuse these blocks the >> authorities actually have good contact information for those >> responsible? As it was said, ARIN is not a policing body, but that >> doesn't mean that they can't enact policies that will help those >> that can police. > > > While I can appreciate your intentions and frustration, last I checked > spam was not a crime. Annoying, yes, illegal? No. > > Besides all this is going to do is entice people to submit more bogus > info. > > -jer > From farmer at umn.edu Mon Sep 21 17:55:26 2009 From: farmer at umn.edu (David Farmer) Date: Mon, 21 Sep 2009 16:55:26 -0500 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <8CAF43E7-3DFA-43C9-9903-2368E21CDEB0@delong.com> References: , <4AB79CBD.13201.13FAEEF9@farmer.umn.edu>, <8CAF43E7-3DFA-43C9-9903-2368E21CDEB0@delong.com> Message-ID: <4AB7AFFE.18081.14462696@farmer.umn.edu> On 21 Sep 2009 Owen DeLong wrote: > On Sep 21, 2009, at 1:33 PM, David Farmer wrote: > > > On 21 Sep 2009 Owen DeLong wrote: > > > >> What about a policy that covers the situation of repeated receipt and > >> reclamation? For example: > >> > >> 1. Standard process applies the first time you get address space > >> as it does today. > >> > >> 2. You return the space or fail to pay your bill. > >> > >> 3. You come back for a second round of addresses on a new "initial" > >> application. Based on your history, you are expected to front a > >> deposit > >> for your next two years renewal as well, 50% of which is refundable > >> if you return your space at the end of the first year. (In other > >> words, > >> you pay 3 years up front, if you only use 1, you get 1 back, costs > >> you > >> two.) If you use for more than a year, the deposit is forfeit, but, > >> you don't > >> owe fees until you begin your fourth year of utilization. > > > > Refunds can create accounting issues, they may be > > considered future liabilities and need to be carried on the > > books until the second year of registration is started. I'm not > > an accountant so I don't know all the details. But I know > > accountants don't like refunds, especially ones built-in to a > > process. I suspect this is why ARIN has no refunds written into > > their current contracts. So I would suggest going with a non- > > refundable charge even at this step. > > > I didn't want the policy to be punitive to organizations that may > be legitimate, but, go out of business in a year or whatever. It is only punitive if they let their bill get more than a year delinquent, and it is possible that they will have lost their allocation(s) then anyway, that is potentially way more punitive than requiring a two year renewal. > >> 4. You return the space, get your one year refund, and subsequently > >> apply for a 3rd round of addressing on yet another new application. > >> > >> 5. This time, you're still charged on the 3-year deposit basis, but, > >> it is > >> completely non-refundable. > >> > >> Thoughts? > > > > I guess I wouldn't oppose such a process, procedure, or policy. > > But, I would want some evidence that it would have an effect. > > FWIW, this sounds more like a billing procedure or issues to > > me, that staff and the board should deal with rather than a > > policy that should go through the Policy Development Process. > > > Maybe that's why the ARIN membership is discussing this on > ARIN-DISCUSS instead of the public discussing it on PPML. My intent was to reinforce that ARIN-DISCUSS was and is the right place for the conservation, I probably wasn't as clear about that as I should have been, sorry. > > This doesn't seem to negatively effect the normal good actors, > > and wouldn't even greatly effect people that don't pay there > > bills on time. First they would have to let the bill go more than > > a year delinquent, and then they would just have to pay ahead > > a little. They still get two or three years of registration, they are > > just required to pay it a head of time. > > > > But, no one should view this as a magic bullet. As has been > > said this kind of thing isn't really going to stop spamers or other > > bad actors. At best it might stop a few of the dumb or lazy > > ones, it really only slightly raises the bar for most spamers. > > > Of course it's not a magic bullet. While I would certainly welcome > any more effective solution, I don't have one handy. > > Owen I agree, I don't have a more effective solution handy either. With a little data, like I asked for, I could probably support something along these lines. I would like an idea of how many accounts get to more than a year past due, it is O(10) or O(100). If it were O(1,000) or O(10,000), then I suspect we would have heard about this as a completely different kind of issue. Further, if it is O(1) then I'm not sure this would be worth the effort, that would fall into the "if it ain't broke, don't fix it" category in my view. =============================================== David Farmer Email:farmer at umn.edu Office of Information Technology Networking & Telecomunication Services University of Minnesota Phone: 612-626-0815 2218 University Ave SE Cell: 612-812-9952 Minneapolis, MN 55414-3029 FAX: 612-626-1818 =============================================== From jcurran at arin.net Mon Sep 21 18:23:09 2009 From: jcurran at arin.net (John Curran) Date: Mon, 21 Sep 2009 18:23:09 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <4AB7D640.2010101@gmail.com> References: <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB7D640.2010101@gmail.com> Message-ID: Scott - You are correct. Additionally, the party/parties behind a corporation can change significantly after they obtain address space from ARIN. /John On Sep 21, 2009, at 12:38 PM, Scott Leibrand wrote: > Again, we have the problem of defining "you". If each new > application comes from a different org, how do you define whether to > apply this policy? > > It's trivial to create a new corporation for each request, and state > corporate privacy laws make it almost impossible to determine who's > behind such a corporation. From tedm at ipinc.net Mon Sep 21 18:39:32 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 21 Sep 2009 15:39:32 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: , <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> <565F44B0-68FC-45EC-BC6A-C2E5ABC7416C@mia.net> Message-ID: <4AB800A4.2010601@ipinc.net> Spam may not be a crime in all countries that ARIN has jurisdiction over. However, please keep in mind ARIN is not above the law. See: https://www.arin.net/about_us/corp_docs/artic_incorp.html ARIN is incorporated as a non-profit in the US as such they must file tax returns (whether or not they pay taxes is unimportant) and must hold on to all supporting documentation that proves that they have received the payments that make up their financials. As such, ARIN may not simply shred documentation from payments from spammers, even though said spammers may vanish due to their bogus companies disappearing. ARIN must retain this in case of tax audit. All of this information is available to any lawyer in the US that bothers to file a subpoena, whether for criminal charges against a spammer under CAN-SPAM or under the fraud statues of any state. The information is there if it's wanted. I would submit that the reason you do not see a lot of activity in prosecuting spammers in the US is that to put it simply, there's no money in it. Lawyers and prosecutors must get paid, and our various federal and state governments in the US usually do not go after white collar criminals unless there's a chance that they can obtain a significant monetary fine, or civil settlement. If your a citizen of the US your free to write your A.G. and other elected representative and tell them to get cracking on the spam problem. Ted Sean Cheesman wrote: > My bad. I thought the CAN-SPAM act allowed for criminal charges against companies that don't comply with regulation. Guess I'm living in an alternate universe... > > http://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003#Criminal_enforcement > > -----Original Message----- > From: Jeremy Anthony Kinsey [mailto:jer at mia.net] > Sent: Monday, September 21, 2009 5:29 PM > To: Sean Cheesman > Cc: David Farmer; Owen DeLong; arin-discuss at arin.net > Subject: Re: [arin-discuss] ARIN billing practice > > > On Sep 21, 2009, at 3:50 PM, Sean Cheesman wrote: > >> Maybe I'm just simplifying this too much, but why doesn't ARIN just >> do everything possible (Articles of Incorporation, verification of >> identity, etc) so that when spammers do misuse these blocks the >> authorities actually have good contact information for those >> responsible? As it was said, ARIN is not a policing body, but that >> doesn't mean that they can't enact policies that will help those >> that can police. > > > While I can appreciate your intentions and frustration, last I checked > spam was not a crime. Annoying, yes, illegal? No. > > Besides all this is going to do is entice people to submit more bogus > info. > > -jer > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. From john at citylinkfiber.com Mon Sep 21 18:31:55 2009 From: john at citylinkfiber.com (John Brown) Date: Mon, 21 Sep 2009 16:31:55 -0600 Subject: [arin-discuss] ARIN billing practice Message-ID: Natural person YOU or Jurist person YOU ?? Remember that a corporation is considered an entity that is separate from humans. ARIN is not the place to battle spam or other bad packets. ARIN is a steward of binary resources and if you meet the requirements you should have access to those binary resources. John Brown Candidate for AC -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Scott Leibrand Sent: Monday, September 21, 2009 1:39 PM To: Owen DeLong Cc: arin-discuss at arin.net Subject: Re: [arin-discuss] ARIN billing practice Again, we have the problem of defining "you". If each new application comes from a different org, how do you define whether to apply this policy? It's trivial to create a new corporation for each request, and state corporate privacy laws make it almost impossible to determine who's behind such a corporation. -Scott Owen DeLong wrote: > What about a policy that covers the situation of repeated receipt and > reclamation? For example: > > 1. Standard process applies the first time you get address space > as it does today. > > 2. You return the space or fail to pay your bill. > > 3. You come back for a second round of addresses on a new "initial" > application. Based on your history, you are expected to front a > deposit > for your next two years renewal as well, 50% of which is refundable > if you return your space at the end of the first year. (In other > words, > you pay 3 years up front, if you only use 1, you get 1 back, costs > you > two.) If you use for more than a year, the deposit is forfeit, > but, you don't > owe fees until you begin your fourth year of utilization. > > 4. You return the space, get your one year refund, and subsequently > apply for a 3rd round of addressing on yet another new application. > > 5. This time, you're still charged on the 3-year deposit basis, > but, it is > completely non-refundable. > > Thoughts? > > Owen > > On Sep 21, 2009, at 7:30 AM, Schiller, Heather A (HeatherSkanks) wrote: > >> >> I was reading Chris Morrow's comment on Nanog - about spammers.. >> >> "The end of the discussion was along the lines of: "Yes, we know this >> guy is bad news, but he always comes to us with the proper paperwork and >> numbers, there's nothing in the current policy set to deny him address >> resources. Happily though he never pays his bill after the first 12 >> months so we just reclaim whatever resources are allocated then." (yes, >> comments about more address space ending up on BL's were made, and that >> he probably doesn't pay because after the first 3 months the address >> space is 'worthless' to him...)" >> >> ..and got to wondering, "Why doesn't ARIN charge first and last years >> "rent" on resource allocations?" >> >> If you notify ARIN before your bill is due, that you will be returning >> the resource and not renewing, you get a refund. If you don't notify >> ARIN and your bill lapses, then ARIN isn't out the money they would have >> gotten from you, during the time they hold your resource before/during >> revocation for non-payment. (since most folks keep using it, you should >> still have to pay for it..) >> >> I'm not claiming this would make the spam thing any better.. just raise >> the financial bar, make them have to do work if they want their money >> back. >> >> I don't know whether I'm even in favor of this or not.. but just about >> every other 'utility' type service has this practice, and maybe this is >> worth considering. Maybe there is a reason ARIN doesn't do this..? >> >> Thoughts? >> >> --Heather >> _______________________________________________ >> ARIN-Discuss >> You are receiving this message because you are subscribed to >> the ARIN Discussion Mailing List (ARIN-discuss at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-discuss >> Please contact info at arin.net if you experience any issues. > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact info at arin.net if you experience any issues. From tedm at ipinc.net Mon Sep 21 18:51:06 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 21 Sep 2009 15:51:06 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <9CD46289-D95D-4103-8FF7-D03EBC040643@mia.net> References: , <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> <565F44B0-68FC-45EC-BC6A-C2E5ABC7416C@mia.net> <9CD46289-D95D-4103-8FF7-D03EBC040643@mia.net> Message-ID: <4AB8035A.9080607@ipinc.net> Jeremy Anthony Kinsey wrote: > Almost every spam I get contains something that "complies" with that > "regulation". I really do not want to argue the semantics of a law that > remains relatively ineffective and unenforceable as it is written. It > does not outlaw or make illegal the act of sending UCE. What it does is > says if you are going to do it, you need to accommodate those that do > not want to receive such UCE by way of providing a removal system or > valid contact address. As such, most of these places do. > A removal system that does not work to actually remove anyone is criminal fraud, and it is very easy to prove that many of these removal systems mostly are ignored by the spammers. Moreover most spams are criminal in nature, they advertise fraudulent products or schemes. There is PLENTY for the FBI to work with, and the FBI has brought many successful actions against spammers in the past. In addition many spams are front ends for identity theft rings and investigation of the spams can lead back to these rings. Claims that the law in weak and unenforceable are bogus, and merely serve to make people feel that there's nothing that they can do about the problem. As a result they don't try, they don't complain to the FBI through http://www.ic3.gov/complaint/default.aspx, they don't complain to their elected representatives, who are mostly ignorant of the spam problem (other than knowing it exists) they just delete the spams either by software (spamassassin) or with their keyboards. This deletes valuable evidence that can be used to shut these people down. It removes pressure from politicians to push the AG's and feds to devote resources to the problem, and removes pressure from the politicians to fine tune the law. It is like arguing that since bankers are going to steal money if possible, that we might as well not bother pushing in more strict banking regulations. Jeremy, if you don't want to fight spam then fine. But don't denigrate the work of those who do. All you accomplish is making their work harder, and the problem worse. Ted From tedm at ipinc.net Mon Sep 21 19:01:00 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 21 Sep 2009 16:01:00 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: Message-ID: <4AB805AC.8020409@ipinc.net> John Brown wrote: > Natural person YOU or Jurist person YOU ?? > > Remember that a corporation is considered an entity that is separate > from humans. > > ARIN is not the place to battle spam or other bad packets. > > ARIN is a steward of binary resources and if you meet the requirements > you should have access to those binary resources. > And, if you "rent" those resources the community also has a right to know who you are. That is why the WHOIS database exists and is public. This is no different than if you buy property (also a community resource) which is why your deed is public record. Note that buying property is similar to renting because the government assesses rent (in the form of property taxes) to all property every year, and if you fail to pay it the government takes the property back. A corporation that supplies bogus WHOIS data to ARIN is committing fraud, as well as violating the RSA it just signed, and should therefore lose it's "binary resources" This is why the WHOIS POC cleanup was approved. As provider of public contact info for the "binary resources" assigned to a spammer, it's disingenuous to argue that ARIN has nothing to do with battling spam or bad packets. On the contrary, the role ARIN fulfills is vital to battling spam and bad packets. Jut because they aren't firing the bullets doesn't mean that they aren't providing critical backup support to those who are. Ted From jcurran at arin.net Mon Sep 21 19:02:08 2009 From: jcurran at arin.net (John Curran) Date: Mon, 21 Sep 2009 19:02:08 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <4AB800A4.2010601@ipinc.net> References: <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> <565F44B0-68FC-45EC-BC6A-C2E5ABC7416C@mia.net> <4AB800A4.2010601@ipinc.net> Message-ID: On Sep 21, 2009, at 3:39 PM, Ted Mittelstaedt wrote: > Spam may not be a crime in all countries that ARIN has jurisdiction > over. > > However, please keep in mind ARIN is not above the law. Ted - We're proactive, not reactive here ? ARIN works closely with law enforcement organizations in the region to help them understand exactly what the records we keep (publicly visible and private in the application process) to help support them in their enforcement activities. This turns out to be very important for the criminal investigations that are being pursued against parties whose identity is predominantly virtual. It's important to note that ARIN can easily reclaim IP resources from parties that make fraudulent applications to ARIN, but otherwise we are not in a position to reclaim resources to a party which is alleged of criminal activity. We do investigate each fraud report, but many of them do not involve any misrepresentation to ARIN and hence are a matter for law enforcement. /John From tedm at ipinc.net Mon Sep 21 20:09:30 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 21 Sep 2009 17:09:30 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: References: <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> <565F44B0-68FC-45EC-BC6A-C2E5ABC7416C@mia.net> <4AB800A4.2010601@ipinc.net> Message-ID: <4AB815BA.4000105@ipinc.net> John Curran wrote: > On Sep 21, 2009, at 3:39 PM, Ted Mittelstaedt wrote: > >> Spam may not be a crime in all countries that ARIN has jurisdiction >> over. >> >> However, please keep in mind ARIN is not above the law. > > Ted - > > We're proactive, not reactive here ? ARIN works closely with law > enforcement organizations in the region to help them understand > exactly what the records we keep (publicly visible and private in the > application process) to help support them in their enforcement > activities. > John, I did not mean to imply that ARIN did not do this, that was perhaps a poor choice of wording. > This turns out to be very important for the criminal investigations > that are being pursued against parties whose identity is predominantly > virtual. > > It's important to note that ARIN can easily reclaim IP resources from > parties that make fraudulent applications to ARIN, but otherwise we > are not in a position to reclaim resources to a party which is alleged > of criminal activity. We do investigate each fraud report, but many > of them do not involve any misrepresentation to ARIN and hence are a > matter for law enforcement. > Question - if someone on the Internet e-mails ARIN with information that is verifiable that an address block holder is bogus would ARIN follow it up? For example, if Joe Spamfighter e-mails all master POCs of a block holder and they bounce, calls the phone numbers on them and gets a "this is a disconnected number" goes to a website on it and gets no response back, then complains to ARIN, would ARIN follow this up? Ted From jcurran at arin.net Mon Sep 21 21:52:40 2009 From: jcurran at arin.net (John Curran) Date: Mon, 21 Sep 2009 21:52:40 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <4AB815BA.4000105@ipinc.net> References: <68EC8C15-890B-4691-AE9A-FAEBE1CEC707@delong.com> <4AB79CBD.13201.13FAEEF9@farmer.umn.edu> <565F44B0-68FC-45EC-BC6A-C2E5ABC7416C@mia.net> <4AB800A4.2010601@ipinc.net> <4AB815BA.4000105@ipinc.net> Message-ID: <76172329-6C0D-48B9-910E-BF4E1CD3E368@arin.net> On Sep 21, 2009, at 5:09 PM, Ted Mittelstaedt wrote: > > Question - if someone on the Internet e-mails ARIN with information > that > is verifiable that an address block holder is bogus would ARIN > follow it up? There's a fraud reporting process: https://www.arin.net/resources/fraud/ If you submit information regarding an address block which you suspect was obtained via fraudulent means (e.g. hijacking, improper transfers), we will investigate. If it turns out that there was fraudulent misrepresentation to ARIN, we will reclaim the resources involved. > For example, if Joe Spamfighter e-mails all master POCs of a block > holder and they bounce, calls the phone numbers on them and gets a > "this > is a disconnected number" goes to a website on it and gets no response > back, then complains to ARIN, would ARIN follow this up? If reported via the fraud reporting process, we will indeed follow- up. That report would not result in reclamation action (even if the contacts are no longer valid) unless the information shows that the original block holder's application for space was fraudulent. /John John Curran President and CEO ARIN From schiller at uu.net Tue Sep 22 10:46:23 2009 From: schiller at uu.net (Jason Schiller) Date: Tue, 22 Sep 2009 10:46:23 -0400 (EDT) Subject: [arin-discuss] use of 128.66.0.0/16 not clear Message-ID: On behalf of Ron Bonica, Folks, The IETF has recently passed draft-iana-rfc3330bis-08. This draft documents the fact that the following address ranges have been reserved for documentation: - 192.0.2.0/24 (TEST-NET-1) - 198.51.100.0/24 (TEST-NET-2) - 203.0.113.0/24 (TEST-NET-3) In addition, some authors have used 128.66.0.0/16 (TEST-B) for example purposes. There is no RFC that talks about this block, but my understanding is that IANA/ARIN have marked it as reserved. If you search the Internet you will find at least some number of examples and firewall rule sets that use this block, but I have no good idea about how widespread such usage is. What should we do about this block? Some of the potential answers include documenting its role, marking it as reserved but deprecating its use in examples, and returning it to the free pool immediately (with a warning sign about possible filtering problems). Comments? Ron From mark at visuallink.com Tue Sep 22 10:51:07 2009 From: mark at visuallink.com (Mark Bayliss) Date: Tue, 22 Sep 2009 10:51:07 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <4AB805AC.8020409@ipinc.net> References: <4AB805AC.8020409@ipinc.net> Message-ID: <20090922145106.300396E80164@mail1.visuallink.com> Ted, The problem of people giving false information or setting up a bogus company in order to acquire IP address space to send spam or "USE" should be very simple to stop or at least reduce. The information AIRN requests in order to apply for IP address space should be expanded to include their business License information and government TAX ID# or Tax exemption #. This can then be checked in any country that ARIN provides IP address resources. Even EDU or government departments are required to have a business license and in all countries there is some form of TAX ID number. Since their is not a country in North America that has not figured out how to TAX every business in their respective countries thay all have a TAX ID system were each business is give an individual Tax number or ID. This information could then be checked to see if the entity at least has a business licenses and TAX ID#. Then ARIN should contact the business using the Address listed in the government business license and tax ID information to verify that they are the actual group requesting the IP address space. This is not a new method most vendors use this method to verify that the company that has made an order is actually the company they claim to be. In the state of Virginia we had a large amount of people obtaining Drivers licenses under a false name and address. In fact all of the 9/11 hijackers had Virginia Driver licensees. In order to prevent this the Virginia Division of motor Vehicle registration now requires at least two forms of government issued Identification in order to obtain a driver license. Arin should basically do the same. Virginia found that every person had a birth certificate and SSN number that lives in the USA. You could also provide a Government issued Passport or a Voter registration card as well. In the case of any ISP, Government, EDU, or business attempting to apply for IP address space their should be the same basic requirement of two forms of government issued ID. In this case the universal ID would be a Business licence and TAX ID#. This information even though it is public knowledge would not have to listed in the public WHOIS information but used to verify the Identity of the actual group applying for IP address space. Mark Bayliss At 07:01 PM 9/21/2009, you wrote: >John Brown wrote: >>Natural person YOU or Jurist person YOU ?? >>Remember that a corporation is considered an entity that is separate >>from humans. >>ARIN is not the place to battle spam or other bad packets. >>ARIN is a steward of binary resources and if you meet the requirements >>you should have access to those binary resources. > >And, if you "rent" those resources the community also has a right >to know who you are. That is why the WHOIS database exists and is >public. This is no different than if you buy property (also a community >resource) which is why your deed is public record. Note that buying >property is similar to renting because the government assesses rent >(in the form of property taxes) to all property every year, and if >you fail to pay it the government takes the property back. > >A corporation that supplies bogus WHOIS data to ARIN is committing >fraud, as well as violating the RSA it just signed, and should therefore >lose it's "binary resources" This is why the WHOIS POC cleanup was >approved. > >As provider of public contact info for the "binary resources" assigned >to a spammer, it's disingenuous to argue that ARIN has nothing to do >with battling spam or bad packets. On the contrary, the role ARIN >fulfills is vital to battling spam and bad packets. Jut because they >aren't firing the bullets doesn't mean that they aren't providing >critical backup support to those who are. > > >Ted >_______________________________________________ >ARIN-Discuss >You are receiving this message because you are subscribed to >the ARIN Discussion Mailing List (ARIN-discuss at arin.net). >Unsubscribe or manage your mailing list subscription at: >http://lists.arin.net/mailman/listinfo/arin-discuss >Please contact info at arin.net if you experience any issues. E-mail message checked by Spyware Doctor (6.1.0.447) Database version: 6.13320 http://www.pctools.com/en/spyware-doctor-antivirus/ From alex.ryu at kdlinc.com Tue Sep 22 11:30:19 2009 From: alex.ryu at kdlinc.com (Alex Ryu) Date: Tue, 22 Sep 2009 10:30:19 -0500 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <20090922145106.300396E80164@mail1.visuallink.com> References: <4AB805AC.8020409@ipinc.net> <20090922145106.300396E80164@mail1.visuallink.com> Message-ID: <278B5E4BCD5E654385A9F83C7CA6D517CB217842FE@MAILBOX-01.qcommcorp.ad> In that case, what about additional burden that ARIN carries for this additional info ? Does ARIN require to verify the validity of Business License or TAX ID info ? If ARIN doesn't verify, it is another meaningless information. If they do, it will be a lot of burden. Also, if somebody is trying to setup bogus company, probably he/she can setup bogus company registered in local TAX authority any way using proxy person or some people, who will be much thankful to get some money out of their name or identity. So I think it is meaningless except that ARIN becoming more of investigation unit. If ARIN doesn't use the info actively, why do they need to collect the information ? Alex -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Mark Bayliss Sent: Tuesday, September 22, 2009 9:51 AM To: Ted Mittelstaedt Cc: arin-discuss at arin.net Subject: Re: [arin-discuss] ARIN billing practice Ted, The problem of people giving false information or setting up a bogus company in order to acquire IP address space to send spam or "USE" should be very simple to stop or at least reduce. The information AIRN requests in order to apply for IP address space should be expanded to include their business License information and government TAX ID# or Tax exemption #. This can then be checked in any country that ARIN provides IP address resources. Even EDU or government departments are required to have a business license and in all countries there is some form of TAX ID number. Since their is not a country in North America that has not figured out how to TAX every business in their respective countries thay all have a TAX ID system were each business is give an individual Tax number or ID. This information could then be checked to see if the entity at least has a business licenses and TAX ID#. Then ARIN should contact the business using the Address listed in the government business license and tax ID information to verify that they are the actual group requesting the IP address space. This is not a new method most vendors use this method to verify that the company that has made an order is actually the company they claim to be. In the state of Virginia we had a large amount of people obtaining Drivers licenses under a false name and address. In fact all of the 9/11 hijackers had Virginia Driver licensees. In order to prevent this the Virginia Division of motor Vehicle registration now requires at least two forms of government issued Identification in order to obtain a driver license. Arin should basically do the same. Virginia found that every person had a birth certificate and SSN number that lives in the USA. You could also provide a Government issued Passport or a Voter registration card as well. In the case of any ISP, Government, EDU, or business attempting to apply for IP address space their should be the same basic requirement of two forms of government issued ID. In this case the universal ID would be a Business licence and TAX ID#. This information even though it is public knowledge would not have to listed in the public WHOIS information but used to verify the Identity of the actual group applying for IP address space. Mark Bayliss At 07:01 PM 9/21/2009, you wrote: >John Brown wrote: >>Natural person YOU or Jurist person YOU ?? >>Remember that a corporation is considered an entity that is separate >>from humans. >>ARIN is not the place to battle spam or other bad packets. >>ARIN is a steward of binary resources and if you meet the requirements >>you should have access to those binary resources. > >And, if you "rent" those resources the community also has a right >to know who you are. That is why the WHOIS database exists and is >public. This is no different than if you buy property (also a community >resource) which is why your deed is public record. Note that buying >property is similar to renting because the government assesses rent >(in the form of property taxes) to all property every year, and if >you fail to pay it the government takes the property back. > >A corporation that supplies bogus WHOIS data to ARIN is committing >fraud, as well as violating the RSA it just signed, and should therefore >lose it's "binary resources" This is why the WHOIS POC cleanup was >approved. > >As provider of public contact info for the "binary resources" assigned >to a spammer, it's disingenuous to argue that ARIN has nothing to do >with battling spam or bad packets. On the contrary, the role ARIN >fulfills is vital to battling spam and bad packets. Jut because they >aren't firing the bullets doesn't mean that they aren't providing >critical backup support to those who are. > > >Ted >_______________________________________________ >ARIN-Discuss >You are receiving this message because you are subscribed to >the ARIN Discussion Mailing List (ARIN-discuss at arin.net). >Unsubscribe or manage your mailing list subscription at: >http://lists.arin.net/mailman/listinfo/arin-discuss >Please contact info at arin.net if you experience any issues. E-mail message checked by Spyware Doctor (6.1.0.447) Database version: 6.13320 http://www.pctools.com/en/spyware-doctor-antivirus/ _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact info at arin.net if you experience any issues. From jcurran at arin.net Tue Sep 22 11:47:50 2009 From: jcurran at arin.net (John Curran) Date: Tue, 22 Sep 2009 11:47:50 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <20090922145106.300396E80164@mail1.visuallink.com> References: <4AB805AC.8020409@ipinc.net> <20090922145106.300396E80164@mail1.visuallink.com> Message-ID: <520CDB63-A408-460D-8381-7D7AF42BE07D@arin.net> Mark - We do perform incorporation checks. That is not the problem; these are perfectly legally formed entites approaching for address space. /John President and CEO ARIN On Sep 22, 2009, at 7:51 AM, Mark Bayliss wrote: > Ted, > > The problem of people giving false information or setting up a bogus > company in order to acquire IP address space to send spam or "USE" > should be very simple to stop or at least reduce. > The information AIRN requests in order to apply for IP address space > should be expanded to include their business License information and > government TAX ID# or Tax exemption #. This can then be checked in > any country that ARIN provides IP address resources. > Even EDU or government departments are required to have a business > license and in all countries there is some form of TAX ID number. > Since their is not a country in North America that has not figured > out how to TAX every business in their respective countries thay all > have a TAX ID system were each business is give an individual Tax > number or ID. This information could then be checked to see if the > entity at least has a business licenses and TAX ID#. Then ARIN > should contact the business using the Address listed in the > government business license and tax ID information to verify that > they are the actual group requesting the IP address space. This is > not a new method most vendors use this method to verify that the > company that has made an order is actually the company they claim to > be. In the state of Virginia we had a large amount of people > obtaining Drivers licenses under a false name and address. In fact > all of the 9/11 hijackers had Virginia Driver licensees. In order > to prevent this the Virginia Division of motor Vehicle registration > now requires at least two forms of government issued Identification > in order to obtain a driver license. Arin should basically do the > same. Virginia found that every person had a birth certificate and > SSN number that lives in the USA. You could also provide a > Government issued Passport or a Voter registration card as well. In > the case of any ISP, Government, EDU, or business attempting to > apply for IP address space their should be the same basic > requirement of two forms of government issued ID. In this case the > universal ID would be a Business licence and TAX ID#. This > information even though it is public knowledge would not have to > listed in the public WHOIS information but used to verify the > Identity of the actual group applying for IP address space. > > > > Mark Bayliss > > > > > > At 07:01 PM 9/21/2009, you wrote: >> John Brown wrote: >>> Natural person YOU or Jurist person YOU ?? >>> Remember that a corporation is considered an entity that is separate >>> from humans. >>> ARIN is not the place to battle spam or other bad packets. >>> ARIN is a steward of binary resources and if you meet the >>> requirements >>> you should have access to those binary resources. >> >> And, if you "rent" those resources the community also has a right >> to know who you are. That is why the WHOIS database exists and is >> public. This is no different than if you buy property (also a >> community >> resource) which is why your deed is public record. Note that buying >> property is similar to renting because the government assesses rent >> (in the form of property taxes) to all property every year, and if >> you fail to pay it the government takes the property back. >> >> A corporation that supplies bogus WHOIS data to ARIN is committing >> fraud, as well as violating the RSA it just signed, and should >> therefore >> lose it's "binary resources" This is why the WHOIS POC cleanup was >> approved. >> >> As provider of public contact info for the "binary resources" >> assigned >> to a spammer, it's disingenuous to argue that ARIN has nothing to do >> with battling spam or bad packets. On the contrary, the role ARIN >> fulfills is vital to battling spam and bad packets. Jut because they >> aren't firing the bullets doesn't mean that they aren't providing >> critical backup support to those who are. >> >> >> Ted >> _______________________________________________ >> ARIN-Discuss >> You are receiving this message because you are subscribed to >> the ARIN Discussion Mailing List (ARIN-discuss at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-discuss >> Please contact info at arin.net if you experience any issues. > > > > > > E-mail message checked by Spyware Doctor (6.1.0.447) > Database version: 6.13320 > http://www.pctools.com/en/spyware-doctor-antivirus/ > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. > From jradel at vantage.com Tue Sep 22 12:03:13 2009 From: jradel at vantage.com (Jon Radel) Date: Tue, 22 Sep 2009 12:03:13 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <278B5E4BCD5E654385A9F83C7CA6D517CB217842FE@MAILBOX-01.qcommcorp.ad> References: <4AB805AC.8020409@ipinc.net> <20090922145106.300396E80164@mail1.visuallink.com> <278B5E4BCD5E654385A9F83C7CA6D517CB217842FE@MAILBOX-01.qcommcorp.ad> Message-ID: <4AB8F541.7090708@vantage.com> Alex Ryu wrote: > > Also, if somebody is trying to setup bogus company, probably he/she can setup bogus company registered in local TAX authority any way using proxy person or some people, who will be much thankful to get some money out of their name or identity. > > Thinking back to my experience forming a Virginia corporation, running it for a bit, and then killing it off, I'd say that in Virginia (since we've already come up in this discussion) if you've got around $150 and the patience to fill out a couple of forms (they're really short) you can have a corporation, EIN (tax id from the IRS), and business license with nobody much caring who the officers are (if anybody who actually exists even) or what you do. If you mess up big time, then, yes the authorities start to care and have penalties for various infractions, but they most certainly don't check anything ahead of time. If you start to sell shares publicly, then, yes, some new agencies that actual take a look at you enter the picture. But frankly, if you don't make waves and remember to file a tax return every year, nobody looks at your little private corporation. Oh, and these days I'm the treasurer of a perfectly legitimate non-profit organization that doesn't need a business license and consequently doesn't have one, though we do have an EIN. So, sorry, but I quite agree that verification of EIN and business license does little other than filter out applications with completely fictional information; I've always found the ARIN paperwork harder to fill out than the corporation commission or EIN request forms, so I'm not sure this represents a useful barrier. In any case, without a tight definition of what "bogus company" actually means, I don't see this becoming actionable policy. --Jon Radel -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3303 bytes Desc: S/MIME Cryptographic Signature URL: From mahannig at akamai.com Tue Sep 22 12:18:23 2009 From: mahannig at akamai.com (Hannigan, Martin) Date: Tue, 22 Sep 2009 12:18:23 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <278B5E4BCD5E654385A9F83C7CA6D517CB217842FE@MAILBOX-01.qcommcorp.ad> Message-ID: On 9/22/09 11:30 AM, "Alex Ryu" wrote: > > In that case, what about additional burden that ARIN carries for this > additional info ? > Does ARIN require to verify the validity of Business License or TAX ID info ? > If ARIN doesn't verify, it is another meaningless information. > If they do, it will be a lot of burden. Well, ARIN is not going to stop application fraud or spam. If it makes application fraud harder, I don't have a problem with ARIN expanding it's fraud screening to all new applicants if they don't already or improving fraud screening. I personally would prefer that it be charged back to the new applicants in a (hopefully not so high) one-time screening fee, but beyond that, if the burden is to help make a better product, that's great. I think "deposits" or non-refundable payments in advance are problematic. Tying up capital means you can't use it. It's hard to get deposits multi-year payments approved for this kind of stuff corporate wise (capital costs) and for small businesses that need their capital, this is unfair to some extent. We don't want to make it more difficult for everyone to get resources. Just fraudsters. Best, -M< -- Martin Hannigan http://www.akamai.com Akamai Technologies, Inc. marty at akamai.com Cambridge, MA USA cell: +16178216079 ofc: +16174442535 -------------- next part -------------- An HTML attachment was scrubbed... URL: From mhasse at itwerx.net Tue Sep 22 12:51:01 2009 From: mhasse at itwerx.net (Michael Hasse) Date: Tue, 22 Sep 2009 09:51:01 -0700 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <4AB8F541.7090708@vantage.com> References: <4AB805AC.8020409@ipinc.net> <20090922145106.300396E80164@mail1.visuallink.com> <278B5E4BCD5E654385A9F83C7CA6D517CB217842FE@MAILBOX-01.qcommcorp.ad> <4AB8F541.7090708@vantage.com> Message-ID: <33D4DD1C-1DBA-4065-A71C-6B87DBA0BB9B@itwerx.net> Been watching the discussion for a bit and thought I'd add 2c to the pot. It seems that the problem revolves around: - virtually anonymous requests that churn and burn IP blocks. - how to slow/prevent this without adding an onerous administrative burden to ARIN So here's a possible solution-set: - collect, confirm and retain as much information about netblock users as possible, (including archive records of old info if somebody changes it), with a "churn" flag that is set for some number of years whenever a netblock is returned - cross-reference all information for AS# and netblock requests against the list above and if there is even a single match (POC, tel#, address, whatever...) then: - flag for review/reject - put on probation - delay - any/all of these or other deleterious actions - require actual granting of a new AS# (only) to be received by applicant at an actual business address (no residential, no POB) - prevent carpet-bombing of the above and defray ARIN overhead by charging a reasonable application fee for each submission ($200?) The issue will never be completely eliminated but this should set the bar a lot higher and force spammers to behave more like legitimate businesses with A - minimal additional ARIN admin overhead, and B - little change to existing process for legitimate customers. Thanks, Michael Hasse Itwerx 206-850-1496 http://www.itwerx.net/ ********************************** If our service is not 100% satisfactory please tell us! If it is 100% please tell others! ********************************** On Sep 22, 2009, at 9:03 AM, Jon Radel wrote: Alex Ryu wrote: > > Also, if somebody is trying to setup bogus company, probably he/she > can setup bogus company registered in local TAX authority any way > using proxy person or some people, who will be much thankful to get > some money out of their name or identity. > Thinking back to my experience forming a Virginia corporation, running it for a bit, and then killing it off, I'd say that in Virginia (since we've already come up in this discussion) if you've got around $150 and the patience to fill out a couple of forms (they're really short) you can have a corporation, EIN (tax id from the IRS), and business license with nobody much caring who the officers are (if anybody who actually exists even) or what you do. If you mess up big time, then, yes the authorities start to care and have penalties for various infractions, but they most certainly don't check anything ahead of time. If you start to sell shares publicly, then, yes, some new agencies that actual take a look at you enter the picture. But frankly, if you don't make waves and remember to file a tax return every year, nobody looks at your little private corporation. Oh, and these days I'm the treasurer of a perfectly legitimate non- profit organization that doesn't need a business license and consequently doesn't have one, though we do have an EIN. So, sorry, but I quite agree that verification of EIN and business license does little other than filter out applications with completely fictional information; I've always found the ARIN paperwork harder to fill out than the corporation commission or EIN request forms, so I'm not sure this represents a useful barrier. In any case, without a tight definition of what "bogus company" actually means, I don't see this becoming actionable policy. --Jon Radel _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact info at arin.net if you experience any issues. From owen at delong.com Tue Sep 22 13:12:55 2009 From: owen at delong.com (Owen DeLong) Date: Tue, 22 Sep 2009 10:12:55 -0700 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: References: Message-ID: <8BFBBA09-7881-4155-B768-562BF5560BE3@delong.com> I think that now is NOT the time to be expanding the wasted IPv4 address space. This block should be documented for it's prior misuse in examples. That use should be deprecated, and, the block should be placed in the free pool. I would not object to placing it low on the priority list of blocks to be issued, but, that's 65,536 IPs that should not be left fallow simply due to prior misuse. Owen On Sep 22, 2009, at 7:46 AM, Jason Schiller wrote: > On behalf of Ron Bonica, > > Folks, > > The IETF has recently passed draft-iana-rfc3330bis-08. This draft > documents the fact that the following address ranges have been > reserved > for documentation: > > - 192.0.2.0/24 (TEST-NET-1) > - 198.51.100.0/24 (TEST-NET-2) > - 203.0.113.0/24 (TEST-NET-3) > > In addition, some authors have used 128.66.0.0/16 (TEST-B) for example > purposes. There is no RFC that talks about this block, but my > understanding is that IANA/ARIN have marked it as reserved. If you > search the Internet you will find at least some number of examples and > firewall rule sets that use this block, but I have no good idea about > how widespread such usage is. > > What should we do about this block? Some of the potential answers > include documenting its role, marking it as reserved but deprecating > its > use in examples, and returning it to the free pool immediately (with a > warning sign about possible filtering problems). > > Comments? > > Ron > > > > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2105 bytes Desc: not available URL: From scottleibrand at gmail.com Tue Sep 22 14:34:09 2009 From: scottleibrand at gmail.com (Scott Leibrand) Date: Tue, 22 Sep 2009 11:34:09 -0700 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: References: Message-ID: <4AB918A1.9050205@gmail.com> Does anyone know the actual history of this block? All I see on a quick whois + Google search is several copies of this message on IETF/NANOG/etc, as well as some filter rules blocking 128.66.0.0/16. However, it appears that most of the filters that block 128.66/16 also block 2/8, for example. So without some additional history or information on other types of filtering, I'm not sure that the difficulty of getting 128.66/16 routed will be any higher than that of getting any other previously unallocated block routed. So I guess I'd favor the approach of returning it to the free pool, with appropriate announcements and documentation, and then making allocations from it once the rest of the "cleaner" /16s are used up. -Scott Jason Schiller wrote: > On behalf of Ron Bonica, > > Folks, > > The IETF has recently passed draft-iana-rfc3330bis-08. This draft > documents the fact that the following address ranges have been reserved > for documentation: > > - 192.0.2.0/24 (TEST-NET-1) > - 198.51.100.0/24 (TEST-NET-2) > - 203.0.113.0/24 (TEST-NET-3) > > In addition, some authors have used 128.66.0.0/16 (TEST-B) for example > purposes. There is no RFC that talks about this block, but my > understanding is that IANA/ARIN have marked it as reserved. If you > search the Internet you will find at least some number of examples and > firewall rule sets that use this block, but I have no good idea about > how widespread such usage is. > > What should we do about this block? Some of the potential answers > include documenting its role, marking it as reserved but deprecating its > use in examples, and returning it to the free pool immediately (with a > warning sign about possible filtering problems). > > Comments? > > Ron > > > > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. > From rs at seastrom.com Tue Sep 22 15:48:39 2009 From: rs at seastrom.com (Robert E. Seastrom) Date: Tue, 22 Sep 2009 15:48:39 -0400 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <8BFBBA09-7881-4155-B768-562BF5560BE3@delong.com> (Owen DeLong's message of "Tue, 22 Sep 2009 10:12:55 -0700") References: <8BFBBA09-7881-4155-B768-562BF5560BE3@delong.com> Message-ID: <868wg62220.fsf@seastrom.com> Owen DeLong writes: > I think that now is NOT the time to be expanding the wasted IPv4 > address space. This block should be documented for it's prior > misuse in examples. That use should be deprecated, and, the block > should be placed in the free pool. I respectfully disagree. That sounds like a great idea right up until *your* organization becomes the lucky folks who get assigned it, and given this sentiment: > I would not object to placing it low on the priority list of blocks > to be issued, but, that's 65,536 IPs that should not be left fallow there will likely be a dearth of spare addresses left to renumber into if you decide you can't deal and try to swap out the block with ARIN. > simply due to prior misuse. There was no misuse here. The name NET-TEST-B suggests that using it for examples is perfectly reasonable (and perhaps even using it for "testing", perish the thought!). The question boils down to "will adding 2^16 addresses to the free pool be worth the heartburn that will result from using an address block that is so-tainted and appears in a lot of filters?" I submit that it is not. At a burn rate of 14 /8s per year, that's roughly a /8 every 26 days. Reclaiming 128.66.0.0/16 to the free pool will stave off free pool exhaustion by roughly 8800 seconds, not even three hours. If we were looking at a /8, my thoughts might be a bit different. My gut feeling is that chasing /8s out of static bogon filters is a lot less difficult than chasing /16s out of the same - more space for servers to land that people care about... and we all know what a pain it is even for a /8. I am in favor of continuing to mark this block as reserved due to its previous use. Now, that said, there are addresses that well and truly don't matter in terms of the ability to aspire to global reachability - router loopbacks for instance. I'm A-OK with the notion that if the assignment could be restricted to recipients who have indicated that this constraint is fine, we could do that. Harsh reality intrudes, though, and inasmuch as I don't think there is a mechanism in place at any RIR for pulling this off, I'd say the better part of responsible stewardship is to hold these addresses as reserved rather than handing out known-more-defective-than-usual product. -r From jlewis at atlantic.net Tue Sep 22 16:14:26 2009 From: jlewis at atlantic.net (jlewis at atlantic.net) Date: Tue, 22 Sep 2009 16:14:26 -0400 (EDT) Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <868wg62220.fsf@seastrom.com> References: <8BFBBA09-7881-4155-B768-562BF5560BE3@delong.com> <868wg62220.fsf@seastrom.com> Message-ID: On Tue, 22 Sep 2009, Robert E. Seastrom wrote: >> I think that now is NOT the time to be expanding the wasted IPv4 >> address space. This block should be documented for it's prior >> misuse in examples. That use should be deprecated, and, the block >> should be placed in the free pool. > > I respectfully disagree. That sounds like a great idea right up until > *your* organization becomes the lucky folks who get assigned it, and > given this sentiment: When we get to that point, I'd happily take a block from 128.66.0.0/16 vs being told by ARIN "Sorry, we don't have any more IPv4." > The question boils down to "will adding 2^16 addresses to the free > pool be worth the heartburn that will result from using an address > block that is so-tainted and appears in a lot of filters?" Do we really know how tainted it is? Any worse than all the old "bogons" that were in so many filters several years ago? Many of us survived being allocated space from 69/8 and others, despite all the books and web pages that told people it'd be a good idea to put those in their internet facing ACLs or BGP route filters. I'd be more worried about getting a block of widely blacklisted ex-spammer space than a slice of 128.66.0.0/16. -- ---------------------------------------------------------------------- Jon Lewis | Senior Network Engineer | Atlantic.net | ________ http://www.lewis.org/~jlewis/pgp for PGP public key__________ From ipgoddess.arin at gmail.com Tue Sep 22 16:32:49 2009 From: ipgoddess.arin at gmail.com (Stacy Hughes) Date: Tue, 22 Sep 2009 13:32:49 -0700 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <868wg62220.fsf@seastrom.com> References: <8BFBBA09-7881-4155-B768-562BF5560BE3@delong.com> <868wg62220.fsf@seastrom.com> Message-ID: <24c86a5f0909221332y18624eb9w4b4c5a1ef93e03b6@mail.gmail.com> I agree with RS. A /16 is a drop in the bucket and we shouldn't waste time worrying about it.Stacy On Tue, Sep 22, 2009 at 12:48 PM, Robert E. Seastrom wrote: > > Owen DeLong writes: > > > I think that now is NOT the time to be expanding the wasted IPv4 > > address space. This block should be documented for it's prior > > misuse in examples. That use should be deprecated, and, the block > > should be placed in the free pool. > > I respectfully disagree. That sounds like a great idea right up until > *your* organization becomes the lucky folks who get assigned it, and > given this sentiment: > > > I would not object to placing it low on the priority list of blocks > > to be issued, but, that's 65,536 IPs that should not be left fallow > > there will likely be a dearth of spare addresses left to renumber into > if you decide you can't deal and try to swap out the block with ARIN. > > > simply due to prior misuse. > > There was no misuse here. The name NET-TEST-B suggests that using it > for examples is perfectly reasonable (and perhaps even using it for > "testing", perish the thought!). > > The question boils down to "will adding 2^16 addresses to the free > pool be worth the heartburn that will result from using an address > block that is so-tainted and appears in a lot of filters?" > > I submit that it is not. At a burn rate of 14 /8s per year, that's > roughly a /8 every 26 days. Reclaiming 128.66.0.0/16 to the free pool > will stave off free pool exhaustion by roughly 8800 seconds, not even > three hours. > > If we were looking at a /8, my thoughts might be a bit different. My > gut feeling is that chasing /8s out of static bogon filters is a lot > less difficult than chasing /16s out of the same - more space for > servers to land that people care about... and we all know what a pain > it is even for a /8. I am in favor of continuing to mark this block > as reserved due to its previous use. > > Now, that said, there are addresses that well and truly don't matter > in terms of the ability to aspire to global reachability - router > loopbacks for instance. I'm A-OK with the notion that if the > assignment could be restricted to recipients who have indicated that > this constraint is fine, we could do that. Harsh reality intrudes, > though, and inasmuch as I don't think there is a mechanism in place at > any RIR for pulling this off, I'd say the better part of responsible > stewardship is to hold these addresses as reserved rather than handing > out known-more-defective-than-usual product. > > -r > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jcurran at arin.net Tue Sep 22 19:31:03 2009 From: jcurran at arin.net (John Curran) Date: Tue, 22 Sep 2009 19:31:03 -0400 Subject: [arin-discuss] ARIN billing practice In-Reply-To: <33D4DD1C-1DBA-4065-A71C-6B87DBA0BB9B@itwerx.net> References: <4AB805AC.8020409@ipinc.net> <20090922145106.300396E80164@mail1.visuallink.com> <278B5E4BCD5E654385A9F83C7CA6D517CB217842FE@MAILBOX-01.qcommcorp.ad> <4AB8F541.7090708@vantage.com> <33D4DD1C-1DBA-4065-A71C-6B87DBA0BB9B@itwerx.net> Message-ID: <2B44E3CD-51BE-474E-84A1-EF15DE0AB4ED@arin.net> Michael - Thanks for the summary; while some of this is existing practice, there's definitely some enhancements to be considered. I'm going to work with the ARIN staff and counsel to consider what can be done to make improvements along these lines. It's important to note that at the time of application, there often is zero evidence that such blocks will be misused in the future. It's only after things are assigned, when routing and DNS is setup, that the connections begin to appear. At this point, ARIN is not in a position to reclaim address space unless the holder stops paying bills, or somehow it is shown after the fact that the application information was fraudulent. As many have noted, ARIN reclaiming addresses for any other reason could be consider a significant expansion of our mission, and one not to be taken lightly. /John John Curran President and CEO ARIN On Sep 22, 2009, at 12:51 PM, Michael Hasse wrote: > Been watching the discussion for a bit and thought I'd add 2c to the > pot. > It seems that the problem revolves around: > - virtually anonymous requests that churn and burn IP blocks. > - how to slow/prevent this without adding an onerous > administrative burden to ARIN > > > So here's a possible solution-set: > - collect, confirm and retain as much information about netblock > users as possible, (including archive records of old info if > somebody changes it), with a "churn" flag that is set for some > number of years whenever a netblock is returned > - cross-reference all information for AS# and netblock requests > against the list above and if there is even a single match (POC, > tel#, address, whatever...) then: > - flag for review/reject > - put on probation > - delay > - any/all of these or other deleterious actions > - require actual granting of a new AS# (only) to be received by > applicant at an actual business address (no residential, no POB) > - prevent carpet-bombing of the above and defray ARIN overhead by > charging a reasonable application fee for each submission ($200?) > > > The issue will never be completely eliminated but this should set > the bar a lot higher and force spammers to behave more like > legitimate businesses with A - minimal additional ARIN admin > overhead, and B - little change to existing process for legitimate > customers. > > > Thanks, > > Michael Hasse > Itwerx > 206-850-1496 > http://www.itwerx.net/ > > ********************************** > If our service is not 100% satisfactory please tell us! > If it is 100% please tell others! > ********************************** > > On Sep 22, 2009, at 9:03 AM, Jon Radel wrote: > > > > Alex Ryu wrote: >> >> Also, if somebody is trying to setup bogus company, probably he/she >> can setup bogus company registered in local TAX authority any way >> using proxy person or some people, who will be much thankful to get >> some money out of their name or identity. >> > > Thinking back to my experience forming a Virginia corporation, > running it for a bit, and then killing it off, I'd say that in > Virginia (since we've already come up in this discussion) if you've > got around $150 and the patience to fill out a couple of forms > (they're really short) you can have a corporation, EIN (tax id from > the IRS), and business license with nobody much caring who the > officers are (if anybody who actually exists even) or what you do. > If you mess up big time, then, yes the authorities start to care and > have penalties for various infractions, but they most certainly > don't check anything ahead of time. If you start to sell shares > publicly, then, yes, some new agencies that actual take a look at > you enter the picture. But frankly, if you don't make waves and > remember to file a tax return every year, nobody looks at your > little private corporation. > > Oh, and these days I'm the treasurer of a perfectly legitimate non- > profit organization that doesn't need a business license and > consequently doesn't have one, though we do have an EIN. > > > So, sorry, but I quite agree that verification of EIN and business > license does little other than filter out applications with > completely fictional information; I've always found the ARIN > paperwork harder to fill out than the corporation commission or EIN > request forms, so I'm not sure this represents a useful barrier. > > In any case, without a tight definition of what "bogus company" > actually means, I don't see this becoming actionable policy. > > --Jon Radel > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. > From farmer at umn.edu Tue Sep 22 23:05:41 2009 From: farmer at umn.edu (David Farmer) Date: Tue, 22 Sep 2009 22:05:41 -0500 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <8BFBBA09-7881-4155-B768-562BF5560BE3@delong.com> References: <8BFBBA09-7881-4155-B768-562BF5560BE3@delong.com> Message-ID: <4AB99085.20701@umn.edu> Owen DeLong wrote: > I think that now is NOT the time to be expanding the wasted IPv4 > address space. This block should be documented for it's prior > misuse in examples. That use should be deprecated, and, the block > should be placed in the free pool. > > I would not object to placing it low on the priority list of blocks to be > issued, but, that's 65,536 IPs that should not be left fallow simply > due to prior misuse. > > Owen I'm not sure I would classify it as misuse. If IANA assigned it for that purpose that is its use. So, my initial reaction is let it be, we don't need it that bad. But, lets do a little spelunking in historical RFCs. Because that is a really old chunk of IP address space, I should know my organization has 128.101.0.0/16. Which we got even a couple years after the one in question was assigned; First documented in RFC 923 - "ASSIGNED NUMBERS", IANA originally assigned 128.64.0.0 - 128.79.255.255 to Net Dynamics Exp, the contact listed was Zaw-Sing Su, SRI, ZSu at SRI-TSC.ARPA (Now thats an old email address :)). I assume that is Network Dynamics Experiment and in the modern CIDR world that would be 128.64.0.0/12. A little more spelunking I find this excerpt from RFC 898 - "GATEWAY SPECIAL INTEREST GROUP MEETING NOTES" that looks like it might be related; SAC Gateway -- SRI - Su/Lewis Postel: This was a presentation of the design for the gateways to be used in the advanced SAC demo experiments on network partitioning and reconstitution, and communication between intermingiling mobile networks. Much of these demonstrations will be done with packet radio units and networks. Some of the ideas are to use a gateway-centered type of addressing and double encapsulation (i.e., an extra IP header) to route datagrams. Muuss: Network dynamics due to component mobility or failure. Mobile host, reconstitution, partitioning. H/W: 11/23 S/W: Some "C" gateway OS: VMOS (SRI) Gateway-centered addressing, rather than network. Gw host instead of net.host. Double encapsulation: additional IP header. TCP uses addr as an ID, IP uses it as an ADDRESS (-> route) Need to separate these dual uses of this address field. Incremental Routing (next-hop indication) I'm not sure that these are the same thing, but they both sound like cool projects. If anyone can provide some pointers I'd personally be interested in more details. But, enough spelunking in dank dark old RFCs, lets jump a little further forward. Looking at RIPE's Early Registration Transfer Project information, by the way trying ARIN's I get a 404 page. http://www.ripe.net/projects/erx/erx-ip/network-128.html#networks ARIN was transfered 128.64.0.0/16 and 128.66.0.0/16, all the rest of 128.64.0.0/12 I assume stayed with IANA. The only thing I can find in whois now; OrgName: Interop Show Network OrgID: ISN-4 Address: 600 Harrison St City: San Francisco StateProv: CA PostalCode: 94107 Country: US NetRange: 128.64.0.0 - 128.64.255.255 CIDR: 128.64.0.0/16 NetName: SHOWNETB3 NetHandle: NET-128-64-0-0-1 Parent: NET-128-0-0-0-0 NetType: Direct Assignment NameServer: DNS.INTEROP.NET NameServer: SOLARIS.CC.VT.EDU Comment: RegDate: 1991-09-18 Updated: 2003-03-06 Maybe we can get this returned too? So we are talking about maybe re-aggregating a whole /12 if 128.64.0.0/16 and 128.66.0.0/16 were returned to IANA and put in the free pool. A /12 is going to become a very globally significant chunk of IP space very soon now. So I take back my initial reaction and believe that Owen is right, document that 128.66.0.0/16 is no longer considered a test network, raise the word far and wide don't filter 128.66.0.0. Then recover it. Further, should Interop be asked to return 128.64.0.0/16? It should be done very politely, with the utmost diplomacy, if it is asked at all. But, should it be asked? If, so Who? and, How? I've probably added more that a couple cents worth, but Scott did ask for a little history. This is by no means authoritative, I wasn't there, some that actually knows details please speak up. Thanks > On Sep 22, 2009, at 7:46 AM, Jason Schiller wrote: > >> On behalf of Ron Bonica, >> >> Folks, >> >> The IETF has recently passed draft-iana-rfc3330bis-08. This draft >> documents the fact that the following address ranges have been reserved >> for documentation: >> >> - 192.0.2.0/24 (TEST-NET-1) >> - 198.51.100.0/24 (TEST-NET-2) >> - 203.0.113.0/24 (TEST-NET-3) >> >> In addition, some authors have used 128.66.0.0/16 (TEST-B) for example >> purposes. There is no RFC that talks about this block, but my >> understanding is that IANA/ARIN have marked it as reserved. If you >> search the Internet you will find at least some number of examples and >> firewall rule sets that use this block, but I have no good idea about >> how widespread such usage is. >> >> What should we do about this block? Some of the potential answers >> include documenting its role, marking it as reserved but deprecating its >> use in examples, and returning it to the free pool immediately (with a >> warning sign about possible filtering problems). >> >> Comments? >> >> Ron -- =============================================== David Farmer Email:farmer at umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== From mhasse at itwerx.net Wed Sep 23 01:45:03 2009 From: mhasse at itwerx.net (Michael Hasse) Date: Tue, 22 Sep 2009 22:45:03 -0700 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <4AB99085.20701@umn.edu> References: <8BFBBA09-7881-4155-B768-562BF5560BE3@delong.com> <4AB99085.20701@umn.edu> Message-ID: Or simply a usage audit of legacy /8s owned by such as duPont, Eli Lily, Ford, Merck et al. There's more than a few /8s out there that are likely pretty sparsely implemented. Not to mention ones that have been rolled into other orgs, e.g. ranges originally assigned to DEC, CSC and others. (How many /8s does a non-ISP need anyway? Hope I'm not speaking out of turn here...) Thanks, Michael Hasse Itwerx 206-850-1496 http://www.itwerx.net/ ********************************** If our service is not 100% satisfactory please tell us! If it is 100% please tell others! ********************************** On Sep 22, 2009, at 8:05 PM, David Farmer wrote: Owen DeLong wrote: > I think that now is NOT the time to be expanding the wasted IPv4 > address space. This block should be documented for it's prior > misuse in examples. That use should be deprecated, and, the block > should be placed in the free pool. > I would not object to placing it low on the priority list of blocks > to be > issued, but, that's 65,536 IPs that should not be left fallow simply > due to prior misuse. > Owen I'm not sure I would classify it as misuse. If IANA assigned it for that purpose that is its use. So, my initial reaction is let it be, we don't need it that bad. But, lets do a little spelunking in historical RFCs. Because that is a really old chunk of IP address space, I should know my organization has 128.101.0.0/16. Which we got even a couple years after the one in question was assigned; First documented in RFC 923 - "ASSIGNED NUMBERS", IANA originally assigned 128.64.0.0 - 128.79.255.255 to Net Dynamics Exp, the contact listed was Zaw-Sing Su, SRI, ZSu at SRI-TSC.ARPA (Now thats an old email address :)). I assume that is Network Dynamics Experiment and in the modern CIDR world that would be 128.64.0.0/12. A little more spelunking I find this excerpt from RFC 898 - "GATEWAY SPECIAL INTEREST GROUP MEETING NOTES" that looks like it might be related; SAC Gateway -- SRI - Su/Lewis Postel: This was a presentation of the design for the gateways to be used in the advanced SAC demo experiments on network partitioning and reconstitution, and communication between intermingiling mobile networks. Much of these demonstrations will be done with packet radio units and networks. Some of the ideas are to use a gateway-centered type of addressing and double encapsulation (i.e., an extra IP header) to route datagrams. Muuss: Network dynamics due to component mobility or failure. Mobile host, reconstitution, partitioning. H/W: 11/23 S/W: Some "C" gateway OS: VMOS (SRI) Gateway-centered addressing, rather than network. Gw host instead of net.host. Double encapsulation: additional IP header. TCP uses addr as an ID, IP uses it as an ADDRESS (-> route) Need to separate these dual uses of this address field. Incremental Routing (next-hop indication) I'm not sure that these are the same thing, but they both sound like cool projects. If anyone can provide some pointers I'd personally be interested in more details. But, enough spelunking in dank dark old RFCs, lets jump a little further forward. Looking at RIPE's Early Registration Transfer Project information, by the way trying ARIN's I get a 404 page. http://www.ripe.net/projects/erx/erx-ip/network-128.html#networks ARIN was transfered 128.64.0.0/16 and 128.66.0.0/16, all the rest of 128.64.0.0/12 I assume stayed with IANA. The only thing I can find in whois now; OrgName: Interop Show Network OrgID: ISN-4 Address: 600 Harrison St City: San Francisco StateProv: CA PostalCode: 94107 Country: US NetRange: 128.64.0.0 - 128.64.255.255 CIDR: 128.64.0.0/16 NetName: SHOWNETB3 NetHandle: NET-128-64-0-0-1 Parent: NET-128-0-0-0-0 NetType: Direct Assignment NameServer: DNS.INTEROP.NET NameServer: SOLARIS.CC.VT.EDU Comment: RegDate: 1991-09-18 Updated: 2003-03-06 Maybe we can get this returned too? So we are talking about maybe re-aggregating a whole /12 if 128.64.0.0/16 and 128.66.0.0/16 were returned to IANA and put in the free pool. A /12 is going to become a very globally significant chunk of IP space very soon now. So I take back my initial reaction and believe that Owen is right, document that 128.66.0.0/16 is no longer considered a test network, raise the word far and wide don't filter 128.66.0.0. Then recover it. Further, should Interop be asked to return 128.64.0.0/16? It should be done very politely, with the utmost diplomacy, if it is asked at all. But, should it be asked? If, so Who? and, How? I've probably added more that a couple cents worth, but Scott did ask for a little history. This is by no means authoritative, I wasn't there, some that actually knows details please speak up. Thanks > On Sep 22, 2009, at 7:46 AM, Jason Schiller wrote: >> On behalf of Ron Bonica, >> >> Folks, >> >> The IETF has recently passed draft-iana-rfc3330bis-08. This draft >> documents the fact that the following address ranges have been >> reserved >> for documentation: >> >> - 192.0.2.0/24 (TEST-NET-1) >> - 198.51.100.0/24 (TEST-NET-2) >> - 203.0.113.0/24 (TEST-NET-3) >> >> In addition, some authors have used 128.66.0.0/16 (TEST-B) for >> example >> purposes. There is no RFC that talks about this block, but my >> understanding is that IANA/ARIN have marked it as reserved. If you >> search the Internet you will find at least some number of examples >> and >> firewall rule sets that use this block, but I have no good idea about >> how widespread such usage is. >> >> What should we do about this block? Some of the potential answers >> include documenting its role, marking it as reserved but >> deprecating its >> use in examples, and returning it to the free pool immediately >> (with a >> warning sign about possible filtering problems). >> >> Comments? >> >> Ron -- =============================================== David Farmer Email:farmer at umn.edu Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 =============================================== _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact info at arin.net if you experience any issues. From spiffnolee at yahoo.com Wed Sep 23 09:40:26 2009 From: spiffnolee at yahoo.com (Lee Howard) Date: Wed, 23 Sep 2009 06:40:26 -0700 (PDT) Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: References: <8BFBBA09-7881-4155-B768-562BF5560BE3@delong.com> <4AB99085.20701@umn.edu> Message-ID: <640218.70341.qm@web63305.mail.re1.yahoo.com> ----- Original Message ---- > From: Michael Hasse > To: arin-discuss at arin.net > Sent: Wednesday, September 23, 2009 1:45:03 AM > Subject: Re: [arin-discuss] use of 128.66.0.0/16 not clear > > Or simply a usage audit of legacy /8s owned by such as duPont, Eli Lily, Ford, > Merck et al. There's more than a few /8s out there that are likely pretty > sparsely implemented. Not to mention ones that have been rolled into other > orgs, e.g. ranges originally assigned to DEC, CSC and others. (How many /8s > does a non-ISP need anyway? Hope I'm not speaking out of turn here...) You're not out of turn at all! Participation is good! What utilization threshold is acceptable? We don't have a policy covering utilization, except when an organization requests additional address space. btw, Board candidates were asked, "What do you feel ARIN?s appropriate role and relationship should be with respect to legacy address space and the holders of legacy address space?" You might be interested in their (our) responses: https://www.arin.net/app/election/questionnaire/?elec_id=15 Read bios, statements of support, and petitions at https://www.arin.net/app/election/ Lee -------------- next part -------------- An HTML attachment was scrubbed... URL: From schiller at uu.net Wed Sep 23 09:52:38 2009 From: schiller at uu.net (Jason Schiller) Date: Wed, 23 Sep 2009 09:52:38 -0400 (EDT) Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <4AB99085.20701@umn.edu> Message-ID: On Tue, 22 Sep 2009, David Farmer wrote: > The only thing I can find in whois now; > > OrgName: Interop Show Network > OrgID: ISN-4 > Address: 600 Harrison St > City: San Francisco > StateProv: CA > PostalCode: 94107 > Country: US > > NetRange: 128.64.0.0 - 128.64.255.255 > CIDR: 128.64.0.0/16 > NetName: SHOWNETB3 > NetHandle: NET-128-64-0-0-1 > Parent: NET-128-0-0-0-0 > NetType: Direct Assignment > NameServer: DNS.INTEROP.NET > NameServer: SOLARIS.CC.VT.EDU > Comment: > RegDate: 1991-09-18 > Updated: 2003-03-06 > > Maybe we can get this returned too? Looks to me like this space is in use Orignated from: 209 - Qwest 11192, 10949 - Smart City 21882 - Priority Networks It is possible that Interop Show Network gets transit from Qwest, and has some sort of customer relationship with Priority Networks and Smart City who both provide Internet access to hotels and confrence sites. It is even possible that Interop Show Network became a corporation and spun off into both Priority Networks and Smart City. If you have information that this space is either not being used, or has been hi-jacked then you should provide that information to ARIN so they can investigate... __Jason show route 128.64.0.0/16 inet.0: + = Active Route, - = Last Active, * = Both 128.64.0.0/24 *[BGP/170] 7w0d 08:06:43, MED 10, localpref 100, from AS path: 209 I 128.64.1.0/24 *[BGP/170] 7w0d 08:06:43, MED 10, localpref 100, from AS path: 209 I 128.64.2.0/24 *[BGP/170] 7w0d 08:06:43, MED 10, localpref 100, from AS path: 209 I 128.64.128.0/22 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I [BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I 128.64.132.0/23 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I [BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I 128.64.134.0/24 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I [BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I 128.64.135.0/24 *[BGP/170] 9w0d 09:23:14, MED 10, localpref 100, from AS path: 1239 21882 I 128.64.136.0/24 *[BGP/170] 9w0d 09:23:14, MED 10, localpref 100, from AS path: 1239 21882 I 128.64.139.0/24 *[BGP/170] 1d 03:51:44, MED 10, localpref 100, from AS path: 174 10949 I 128.64.142.0/24 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I [BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I 128.64.146.0/23 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I 128.64.156.0/24 *[BGP/170] 1w3d 17:03:19, MED 10, localpref 100, from AS path: 3549 21882 I 128.64.162.0/24 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I [BGP/170] 22w6d 08:28:41, MED 0, localpref 100, from AS path: 23005 11192 I 128.64.163.0/24 *[BGP/170] 1d 03:51:44, MED 10, localpref 100, from AS path: 174 10949 I 128.64.172.0/24 *[BGP/170] 1w5d 06:06:55, MED 10, localpref 100, from AS path: 3549 21882 I 128.64.175.0/24 *[BGP/170] 9w0d 09:23:14, MED 10, localpref 100, from AS path: 1239 21882 I 128.64.176.0/23 *[BGP/170] 1w5d 00:20:33, MED 10, localpref 100, from AS path: 3549 22822 21882 ? 128.64.180.0/24 *[BGP/170] 1w5d 06:06:55, MED 10, localpref 100, from AS path: 3549 21882 I 128.64.192.0/22 *[BGP/170] 1w5d 00:20:33, MED 10, localpref 100, from AS path: 3549 22822 21882 ? 128.64.196.0/24 *[BGP/170] 1w3d 16:14:00, MED 10, localpref 100, from AS path: 3549 21882 I 128.64.211.0/24 *[BGP/170] 9w0d 09:23:14, MED 10, localpref 100, from AS path: 1239 21882 I 128.64.220.0/24 *[BGP/170] 1w5d 06:06:55, MED 10, localpref 100, from AS path: 3549 21882 I > > So we are talking about maybe re-aggregating a whole /12 if > 128.64.0.0/16 and 128.66.0.0/16 were returned to IANA and put in the > free pool. A /12 is going to become a very globally significant chunk > of IP space very soon now. > > So I take back my initial reaction and believe that Owen is right, > document that 128.66.0.0/16 is no longer considered a test network, > raise the word far and wide don't filter 128.66.0.0. Then recover it. > > Further, should Interop be asked to return 128.64.0.0/16? > > It should be done very politely, with the utmost diplomacy, if it is > asked at all. But, should it be asked? If, so Who? and, How? > From scottleibrand at gmail.com Wed Sep 23 09:58:33 2009 From: scottleibrand at gmail.com (Scott Leibrand) Date: Wed, 23 Sep 2009 08:58:33 -0500 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: References: Message-ID: <9C3FB72E-DB87-4730-B253-E1D05C8C0528@gmail.com> I know a couple folks who do volunteer network setup for Interop shows, and I know they do still use this space then. Not sure what it's used for in between shows, and no idea how much less space they could get away with if needed... -Scott On Sep 23, 2009, at 8:52 AM, Jason Schiller wrote: > On Tue, 22 Sep 2009, David Farmer wrote: > >> The only thing I can find in whois now; >> >> OrgName: Interop Show Network >> OrgID: ISN-4 >> Address: 600 Harrison St >> City: San Francisco >> StateProv: CA >> PostalCode: 94107 >> Country: US >> >> NetRange: 128.64.0.0 - 128.64.255.255 >> CIDR: 128.64.0.0/16 >> NetName: SHOWNETB3 >> NetHandle: NET-128-64-0-0-1 >> Parent: NET-128-0-0-0-0 >> NetType: Direct Assignment >> NameServer: DNS.INTEROP.NET >> NameServer: SOLARIS.CC.VT.EDU >> Comment: >> RegDate: 1991-09-18 >> Updated: 2003-03-06 >> >> Maybe we can get this returned too? > > Looks to me like this space is in use Orignated from: > 209 - Qwest > 11192, 10949 - Smart City > 21882 - Priority Networks > > It is possible that Interop Show Network gets transit from Qwest, > and has > some sort of customer relationship with Priority Networks and Smart > City > who both provide Internet access to hotels and confrence sites. It is > even possible that Interop Show Network became a corporation and > spun off > into both Priority Networks and Smart City. > > If you have information that this space is either not being used, or > has > been hi-jacked then you should provide that information to ARIN so > they > can investigate... > > __Jason > > > show route 128.64.0.0/16 > inet.0: > + = Active Route, - = Last Active, * = Both > > 128.64.0.0/24 *[BGP/170] 7w0d 08:06:43, MED 10, localpref 100, > from > AS path: 209 I > 128.64.1.0/24 *[BGP/170] 7w0d 08:06:43, MED 10, localpref 100, > from > AS path: 209 I > 128.64.2.0/24 *[BGP/170] 7w0d 08:06:43, MED 10, localpref 100, > from > AS path: 209 I > 128.64.128.0/22 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > [BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > 128.64.132.0/23 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > [BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > 128.64.134.0/24 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > [BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > 128.64.135.0/24 *[BGP/170] 9w0d 09:23:14, MED 10, localpref 100, > from > AS path: 1239 21882 I > 128.64.136.0/24 *[BGP/170] 9w0d 09:23:14, MED 10, localpref 100, > from > AS path: 1239 21882 I > 128.64.139.0/24 *[BGP/170] 1d 03:51:44, MED 10, localpref 100, from > AS path: 174 10949 I > 128.64.142.0/24 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > [BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > 128.64.146.0/23 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > 128.64.156.0/24 *[BGP/170] 1w3d 17:03:19, MED 10, localpref 100, > from > AS path: 3549 21882 I > 128.64.162.0/24 *[BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > [BGP/170] 22w6d 08:28:41, MED 0, localpref 100, > from > AS path: 23005 11192 I > 128.64.163.0/24 *[BGP/170] 1d 03:51:44, MED 10, localpref 100, from > AS path: 174 10949 I > 128.64.172.0/24 *[BGP/170] 1w5d 06:06:55, MED 10, localpref 100, > from > AS path: 3549 21882 I > 128.64.175.0/24 *[BGP/170] 9w0d 09:23:14, MED 10, localpref 100, > from > AS path: 1239 21882 I > 128.64.176.0/23 *[BGP/170] 1w5d 00:20:33, MED 10, localpref 100, > from > AS path: 3549 22822 21882 ? > 128.64.180.0/24 *[BGP/170] 1w5d 06:06:55, MED 10, localpref 100, > from > AS path: 3549 21882 I > 128.64.192.0/22 *[BGP/170] 1w5d 00:20:33, MED 10, localpref 100, > from > AS path: 3549 22822 21882 ? > 128.64.196.0/24 *[BGP/170] 1w3d 16:14:00, MED 10, localpref 100, > from > AS path: 3549 21882 I > 128.64.211.0/24 *[BGP/170] 9w0d 09:23:14, MED 10, localpref 100, > from > AS path: 1239 21882 I > 128.64.220.0/24 *[BGP/170] 1w5d 06:06:55, MED 10, localpref 100, > from > AS path: 3549 21882 I > > >> >> So we are talking about maybe re-aggregating a whole /12 if >> 128.64.0.0/16 and 128.66.0.0/16 were returned to IANA and put in the >> free pool. A /12 is going to become a very globally significant >> chunk >> of IP space very soon now. >> >> So I take back my initial reaction and believe that Owen is right, >> document that 128.66.0.0/16 is no longer considered a test network, >> raise the word far and wide don't filter 128.66.0.0. Then recover >> it. >> >> Further, should Interop be asked to return 128.64.0.0/16? >> >> It should be done very politely, with the utmost diplomacy, if it is >> asked at all. But, should it be asked? If, so Who? and, How? >> > > > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. From farmer at umn.edu Wed Sep 23 10:34:58 2009 From: farmer at umn.edu (David Farmer) Date: 23 Sep 2009 09:34:58 -0500 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: References: Message-ID: On Sep 23 2009, Jason Schiller wrote: >On Tue, 22 Sep 2009, David Farmer wrote: > >> The only thing I can find in whois now; >> >> OrgName: Interop Show Network >> OrgID: ISN-4 >> Address: 600 Harrison St >> City: San Francisco >> StateProv: CA >> PostalCode: 94107 >> Country: US >> >> NetRange: 128.64.0.0 - 128.64.255.255 >> CIDR: 128.64.0.0/16 >> NetName: SHOWNETB3 >> NetHandle: NET-128-64-0-0-1 >> Parent: NET-128-0-0-0-0 >> NetType: Direct Assignment >> NameServer: DNS.INTEROP.NET >> NameServer: SOLARIS.CC.VT.EDU >> Comment: >> RegDate: 1991-09-18 >> Updated: 2003-03-06 >> >> Maybe we can get this returned too? > >Looks to me like this space is in use Orignated from: > 209 - Qwest >11192, 10949 - Smart City >21882 - Priority Networks > >It is possible that Interop Show Network gets transit from Qwest, and has >some sort of customer relationship with Priority Networks and Smart City >who both provide Internet access to hotels and confrence sites. It is >even possible that Interop Show Network became a corporation and spun off >into both Priority Networks and Smart City. > >If you have information that this space is either not being used, or has >been hi-jacked then you should provide that information to ARIN so they >can investigate... I'm not implying anything of the kind, I believe that Interop is using their address space for the purposes intended. Furthermore, Interop historically played an extremely important role in the development of the Internet. Without Interop the Internet may not have become what it is today. However, given the nature of Interop, mostly running trade shows I believe, may provide them flexibility beyond normal enterprise or provider networks. I really think a witch hunt, where we go around accusing people of under utilizing, not utilizing, or improperly utilizing address space is counter productive. That said I do think the community should be looking for strategic opportunities to recover or rearrange address space. My only intent was to ask if this could be one of those strategic opportunities, and if it is, as a community how should we go about it. I don't think the community has the right to expect Interop, or anyone else, to return address space that they are using, or even expect them to move to different address space. However, in some cases it might not be improper for the community to ask, especially when strategic opportunities present themselves. From bross at xiocom.com Wed Sep 23 10:51:22 2009 From: bross at xiocom.com (Brandon Ross) Date: Wed, 23 Sep 2009 10:51:22 -0400 (EDT) Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: References: Message-ID: On Wed, 23 Sep 2009, Jason Schiller wrote: > It is possible that Interop Show Network gets transit from Qwest, and has > some sort of customer relationship with Priority Networks and Smart City > who both provide Internet access to hotels and confrence sites. It is > even possible that Interop Show Network became a corporation and spun off > into both Priority Networks and Smart City. > > If you have information that this space is either not being used, or has > been hi-jacked then you should provide that information to ARIN so they > can investigate... I am, and have been one of those volunteers for Interop for a long time. I can tell you for certain that this space is not hijacked or used improperly. Interop works closely with Priority and Smart City often. I am not an employee of Interop so I can't officially speak for them, but I can assure you that the space is not being abused. -- Brandon Ross AIM: BrandonNRoss Director of Network Engineering ICQ: 2269442 Xiocom Wireless Skype: brandonross Yahoo: BrandonNRoss From jcurran at arin.net Wed Sep 23 12:45:02 2009 From: jcurran at arin.net (John Curran) Date: Wed, 23 Sep 2009 12:45:02 -0400 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: References: Message-ID: On Sep 23, 2009, at 10:51 AM, Brandon Ross wrote: > > I am, and have been one of those volunteers for Interop for a long > time. I can tell you for certain that this space is not hijacked or > used improperly. Interop works closely with Priority and Smart City > often. > > I am not an employee of Interop so I can't officially speak for > them, but I can assure you that the space is not being abused. Brandon - Thanks for that response; I'd like to follow up with some questions about requirements and utilization, and rather than have you stuck in the middle, I'd appreciate it if you could point me to anyone at Interop that would be more appropriate... Thanks again! /John John Curran President and CEO ARIN From bross at xiocom.com Wed Sep 23 12:51:28 2009 From: bross at xiocom.com (Brandon Ross) Date: Wed, 23 Sep 2009 12:51:28 -0400 (EDT) Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: References: Message-ID: On Wed, 23 Sep 2009, John Curran wrote: > Thanks for that response; I'd like to follow up with some questions > about requirements and utilization, and rather than have you stuck in > the middle, I'd appreciate it if you could point me to anyone at > Interop that would be more appropriate... The RTech contact on the records is correct, he would be the best place to start. I've already forwarded him some of this thread. -- Brandon Ross AIM: BrandonNRoss Director of Network Engineering ICQ: 2269442 Xiocom Wireless Skype: brandonross Yahoo: BrandonNRoss From tedm at ipinc.net Wed Sep 23 13:51:20 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 23 Sep 2009 10:51:20 -0700 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> Message-ID: <4ABA6018.90709@ipinc.net> John, Sorry for the top post, The problem here is going to hinge around this: "...The NomCom selects those nominees that is feels are most qualified and builds a ballot for each election..." Without even a general specification of the criteria the Nominating Committee is using, it is perfectly understandable that some individuals who were excluded would naturally be frustrated at why they were excluded. I have also seen a similar process used for not only other Internet organizations in their selections, but also for many other types of 503(c) organizations. In my opinion the level of transparency of this process has a huge effect on the support for the organization. ARIN is in a unique position here compared to your run-of-the-mill Internet organization, because dissatisfied individuals simply cannot run away; ARIN is the only org that does what it does. ARIN therefore lacks the self-selecting safety valve that another org does which uses an opaque selection process. People cannot "vote with their feet" with ARIN. An "Internet Organization" like for example the IETF can act like a feudal keep if they want, since if you don't like what they are doing you can just create your own "standard" and ignore them or find some other, more pliant "standards body" that will do what you want and lend a veneer of respectability on what your doing. We are perfectly familiar with examples of vendors that routinely do this so I won't belabor the point further. I would submit that your paragraph explaining the nomcom selection process is very disappointing with the amount of transparency in it, and I am alarmed at phrases like "consideration of each candidate in closed session". As long as the nomcom was simply rubber-stamping applications to be a candidate, the underlying problem with using an opaque candidate selection process was essentially masked, but if the nomcom is going to flex it's authority to deny candidates, without increasing transparency of the selection process, I suspect ARIN is going to create completely unnecessary and distracting controversy. I would recommend that it's imperative that the NomCom produce an objective summary of what they feel constitutes a qualified candidate. It is also important to keep in mind that these are only candidates - the NomCom needs to trust that the membership doing the voting has the wisdom to select the most qualified candidates during the election. Ted John Curran wrote: > On Sep 22, 2009, at 4:09 PM, Leo Bicknell wrote: >> Yesterday there was one petition for an AC member. Today there's >> an additional petition, and a note from Marty to arin-discuss. ... >> I've moved to PPML as I think the people who interact with the AC >> the most, and care the most about who is on the AC are on PPML, not >> arin-discuss. >> >> Marty's message suggests multiple people were excluded from running >> for some reason, and we now have two petitions that seem to back >> up that assertion. Are there going to be more petitions? Can someone >> explain what happened? > > > Leo - > > The NomCom is chartered with delivering a sufficient ballot for each > election. The ARIN Bylaws specify that such a ballot shall consist of > the number of seats being filled + 1 as a minimum. There is no > maximum specified, nor any requirement to deliver all candidates to > the ballot. The NomCom selects those nominees that is feels are most > qualified and builds a ballot for each election. There is no > assurance of selection, even if that has been the practice in the past. > > This is exactly how the NomCom process was set up to function, as it > was considered far better than the Board selecting new BoT and AC > members (as in ARIN's original Bylaws) but still allowed for in-depth > consideration of each candidate in closed session. This process, by > the way, is materially the same one used by other Internet > organizations in their selection process. The availability of a > petition process is felt to be reasonable safety value to insure that > candidates who feel that they are well-qualified despite the NomCom > recommendation may take the matter to the community. > > I welcome any and all suggestions for improvement of the process, but > Marty was correct that this is not a matter of Internet number > resource policy, so please send suggestions to me directly or to "arin- > discuss" as desired. > > /John > > John Curran > President and CEO > ARIN > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-ppml > Please contact info at arin.net if you experience any issues. From jcurran at arin.net Wed Sep 23 14:07:05 2009 From: jcurran at arin.net (John Curran) Date: Wed, 23 Sep 2009 14:07:05 -0400 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <4ABA6018.90709@ipinc.net> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> Message-ID: On Sep 23, 2009, at 1:51 PM, Ted Mittelstaedt wrote: > ... > ARIN is in a unique position here compared to your > run-of-the-mill Internet organization, because > dissatisfied individuals simply cannot run away; ARIN is the > only org that does what it does. ARIN therefore lacks the > self-selecting safety valve that another org > does which uses an opaque selection process. People cannot > "vote with their feet" with ARIN. ... Ted - As presently envisioned in the Bylaws, the safety value is the petition process. This replaced the process in the original Bylaws whereby the Board and AC replacements were simply appointed by the Board. > .. > I would recommend that it's imperative that the NomCom > produce an objective summary of what they feel constitutes a qualified > candidate. It is also important to keep in mind that these are > only candidates - the NomCom needs to trust that the membership > doing the voting has the wisdom to select the most qualified > candidates during the election. I have received suggestions that the NomCom should simply express a public opinion of support/no support for each candidate, but move all nominees to the ballot for sake of transparency. This would still allow the membership to have the final judgement, but allow some deliberation of stated qualifications by a NomCom with a cross-section of views on the organization's needs. Would this provide a reasonable balance between these needs? /John John Curran President and CEO ARIN From mahannig at akamai.com Wed Sep 23 14:15:04 2009 From: mahannig at akamai.com (Hannigan, Martin) Date: Wed, 23 Sep 2009 14:15:04 -0400 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <4ABA6018.90709@ipinc.net> Message-ID: On 9/23/09 1:51 PM, "Ted Mittelstaedt" wrote: Speaking for myself.. > John, > > Sorry for the top post, > > The problem here is going to hinge around this: > > "...The NomCom selects those nominees that is feels are most > qualified and builds a ballot for each election..." > > Without even a general specification of the criteria the > Nominating Committee is using, it is perfectly understandable > that some individuals who were excluded would naturally be > frustrated at why they were excluded. I raised the issue on -discuss because I felt that it was disappointing that such a dramatic change in process, midstream, would occur a) without prior notice and b) with weak justification. As I understand it, the justification to take this action was based on the volume of candidates and the resulting time that it would take for each to present themselves in Dearborn. I suggest that there were other steps that could have been taken to mitigate time requirements without cutting any "eligible" candidates. [ clip ] > > I would recommend that it's imperative that the NomCom > produce an objective summary of what they feel constitutes a qualified > candidate. It is also important to keep in mind that these are > only candidates - the NomCom needs to trust that the membership > doing the voting has the wisdom to select the most qualified > candidates during the election. I would add that the BoT could consider reversing this action and instead address the time issue since that was the only issue raised supporting this turn of events. Best Regards, -M< From rs at seastrom.com Wed Sep 23 14:33:22 2009 From: rs at seastrom.com (Robert E. Seastrom) Date: Wed, 23 Sep 2009 14:33:22 -0400 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: (Michael Hasse's message of "Tue, 22 Sep 2009 22:45:03 -0700") References: <8BFBBA09-7881-4155-B768-562BF5560BE3@delong.com> <4AB99085.20701@umn.edu> Message-ID: <863a6d7bpp.fsf@seastrom.com> Michael Hasse writes: > Or simply a usage audit of legacy /8s owned by such as duPont, Eli > Lily, Ford, Merck et al. There's more than a few /8s out there that > are likely pretty sparsely implemented. Not to mention ones that have > been rolled into other orgs, e.g. ranges originally assigned to DEC, > CSC and others. (How many /8s does a non-ISP need anyway? Hope I'm > not speaking out of turn here...) Even if your premise is correct is it worth the work? Having worked in multiple organizations that did no NAT whatsoever and being intimately familiar with the advantage of having globally unique addresses everywhere and having organization's firewalls only determine reachability policy, I have to conclude that in the absence of a shortage-based constraint, there is no reason that the organizations you list above *wouldn't* have globally unique addresses on the desktop. This is particularly true when one is doing a lot of EDI and interconnection with partner networks... look at the list of companies with /8s and you may see a pattern there. I suspect we're orders of magnitude apart in terms of what you and I would expect to see in terms of host population on globally unique addresses, and certainly not neatly placed such that all but a sliver of the network could be removed without a huge renumbering effort... Anyway, I'm not trying to be flippant here with my original question. Each /8 equivalent that we manage to claw back, if returned to the free pool (which is not a foregone conclusion but bear with me here) staves off free pool exhaustion by 24 days, more or less. If we manage to push off the exhaustion date by five or six months, what have we accomplished? Would that effort not have been better spent on advancing the cause of IPv6, or developing interoperability standards for carrier-grade NAT, or whatever your vision for salvation in a post-IPv4-runout world is? -r From tedm at ipinc.net Wed Sep 23 16:11:19 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 23 Sep 2009 13:11:19 -0700 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> Message-ID: <4ABA80E7.7020004@ipinc.net> John Curran wrote: > On Sep 23, 2009, at 1:51 PM, Ted Mittelstaedt wrote: >> ... >> ARIN is in a unique position here compared to your >> run-of-the-mill Internet organization, because >> dissatisfied individuals simply cannot run away; ARIN is the >> only org that does what it does. ARIN therefore lacks the >> self-selecting safety valve that another org >> does which uses an opaque selection process. People cannot >> "vote with their feet" with ARIN. ... > > Ted - As presently envisioned in the Bylaws, the safety value is the > petition process. This replaced the process in the original Bylaws > whereby the Board and AC replacements were simply appointed by the > Board. > >> .. >> I would recommend that it's imperative that the NomCom >> produce an objective summary of what they feel constitutes a qualified >> candidate. It is also important to keep in mind that these are >> only candidates - the NomCom needs to trust that the membership >> doing the voting has the wisdom to select the most qualified >> candidates during the election. > > I have received suggestions that the NomCom should simply express a > public opinion of support/no support for each candidate, but move all > nominees to the ballot for sake of transparency. This would still > allow the membership to have the final judgement, but allow some > deliberation of stated qualifications by a NomCom with a cross-section > of views on the organization's needs. Would this provide a reasonable > balance between these needs? > My preference would be that the NomCom either justify why they didn't place someone on the ballot, or provide a criteria set and reject candidates that didn't reasonably meet the criteria set. I wouldn't favor removing veto power of the NomCom over a candidate. Even in the United States political system, the various secretary of states of different states have the authority to deny a prospective candidate. Typical criteria used is if the candidate isn't a citizen of the country, doesn't have a residence in the area they are trying to represent, etc. The problem isn't in disqualifying a would-be candidate, the problem is doing so using opaque criteria since there's no way for the NomCom to defend opaque criteria against charges of favoritism. Ted From jcurran at arin.net Wed Sep 23 16:21:13 2009 From: jcurran at arin.net (John Curran) Date: Wed, 23 Sep 2009 16:21:13 -0400 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <4ABA80E7.7020004@ipinc.net> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA80E7.7020004@ipinc.net> Message-ID: <127DE69A-A624-4A79-AFDC-C46E8CDC03A7@arin.net> Ted - You're thinking of the NomCom purely in the credential validation role, and that's not its only purpose as presently chartered. It could easily be made such, but that's a different model than we have today. /John On Sep 23, 2009, at 4:08 PM, "Ted Mittelstaedt" wrote: > > I wouldn't favor removing veto power of the NomCom over a candidate. > Even in the United States political system, the various secretary of > states of different states have the authority to deny a prospective > candidate. Typical criteria used is if the candidate isn't a > citizen of > the country, doesn't have a residence in the area they are trying to > represent, etc. From josmon at rigozsaurus.com Wed Sep 23 15:47:41 2009 From: josmon at rigozsaurus.com (John Osmon) Date: Wed, 23 Sep 2009 13:47:41 -0600 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> Message-ID: <20090923194741.GG30445@jeeves.rigozsaurus.com> On Wed, Sep 23, 2009 at 02:07:05PM -0400, John Curran wrote: [...] > I have received suggestions that the NomCom should simply express a > public opinion of support/no support for each candidate, but move all > nominees to the ballot for sake of transparency. This would still > allow the membership to have the final judgement, but allow some > deliberation of stated qualifications by a NomCom with a cross-section > of views on the organization's needs. Would this provide a reasonable > balance between these needs? I think that the process *appears* to have changed mid-stream -- even if it hasn't done so in reality. Moving the candidates forward for transparency would probably be a good move at this time. It would cover a number of issues simultaneously: - members now know the NomCom has such power in elections (even if it wasn't used in the past) - it keeps *this* election in line with what others have come to expect (even if it is the last one) - it allows everyone time to discuss the situation and determine if a policy change is required I was about to reply to Ted's e-mail suggesting all DRMs "sign" the petitions for all candidates -- mostly to bring about the outcome you describe. I'm glad your e-mail arrived before I sent that out. Then again, I haven't heard a lot of chatter on the list, so perhaps I'm in a minority in wanting to see this election commence as others have in the past... From tedm at ipinc.net Wed Sep 23 16:36:14 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 23 Sep 2009 13:36:14 -0700 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <4ABA67F7.6080609@ttec.com> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA67F7.6080609@ttec.com> Message-ID: <4ABA86BE.7080907@ipinc.net> Joe Maimon wrote: > > > Ted Mittelstaedt wrote: > >> John, >> >> >> "...The NomCom selects those nominees that is feels are most >> qualified and builds a ballot for each election..." >> >> Without even a general specification of the criteria the >> Nominating Committee is using, it is perfectly understandable >> that some individuals who were excluded would naturally be >> frustrated at why they were excluded. > > This is what the petition process is for. I believe we should give it a > chance to work. > I am not stating a position for or against the petition process. The petition process is completely tangential to the point I've raised here. >> >> I have also seen a similar process used for not only other >> Internet organizations in their selections, but also for many >> other types of 503(c) organizations. >> >> In my opinion the level of transparency of this process has >> a huge effect on the support for the organization. > > Without a petition process, I might agree with you, even as much as the > committee is comprised of community volunteers. Otherwise, I think its > far less an issue. > The RIR system only works because every admin on the Internet agrees that it's a Good Thing and we all work together to make it work. ARIN's hold over IP assignments is far far more tenuous than that of the roots over the DNS system. The DNS system how has a veneer of international law that supports it, based on the copyright agreements among countries. IP addressing by contrast has no such "teeth" If enough admins on the Internet voluntarily decide the RIR's are full of shit, and just use whatever IP addressing they feel like, there's nothing to stop them. Additionally, ARIN is trying to use it's moral authority to get all those admins on the Internet to voluntarily adopt IPv6. That isn't going to work if the same people ARIN is trying to push to use IPv6 are pissed off at ARIN for being capricious and arbitrary. Your attempting to make the argument that community support for ARIN is not important. I don't subscribe to this and I won't subscribe to it. That argument is an "us vs them" paradigm that simply will not allow ARIN's goals to be accomplished. We are all married to ARIN and as they say, happy wife, happy life. >> >> ARIN is in a unique position here compared to your >> run-of-the-mill Internet organization, because >> dissatisfied individuals simply cannot run away; ARIN is the >> only org that does what it does. ARIN therefore lacks the >> self-selecting safety valve that another org >> does which uses an opaque selection process. People cannot >> "vote with their feet" with ARIN. > > En masse, they could. Or it could happen by fiat. I believe(hope?) ARIN > is well aware of the icebergs they need to navigate around. > I don't believe they are otherwise they would not have made the mistake of cutting off the "sunset clause" from a recent policy proposal and generating a huge flood of anger from many many members. In fact I will go so far as to say that not only do -I- not think they are, -THEY- don't think they are - otherwise John wouldn't be ASKING for opinions. And for this I am glad because that otherwise would be a mark of hubris. > Not to mention how much dirty laundry is aired regularly here. > >> >> I would submit that your paragraph explaining the nomcom selection >> process is very disappointing with the amount of transparency >> in it, and I am alarmed at phrases like "consideration of each >> candidate in closed session". >> >> As long as the nomcom was simply rubber-stamping applications to >> be a candidate, the underlying problem with using an opaque >> candidate selection process was essentially masked, but if the >> nomcom is going to flex it's authority to deny candidates, without >> increasing transparency of the selection process, I suspect ARIN >> is going to create completely unnecessary and distracting controversy. > > This would be the distracting controversy. > > I put forth that having a flood of under-vetted candidates without clear > community support would be worse. > How exactly does increasing the transparency of the criteria the NomCom uses going to do this? >> >> I would recommend that it's imperative that the NomCom >> produce an objective summary of what they feel constitutes a qualified >> candidate. > > I dont consider it imperative, but perhaps it would be nice. However, it > might just serve to fan more controversy. > And "in-depth consideration of each candidate in closed session" is going to generate -less-? > >> It is also important to keep in mind that these are >> only candidates - the NomCom needs to trust that the membership >> doing the voting has the wisdom to select the most qualified >> candidates during the election. > > I personally dont think I could handle much more than the current number > of applicants while trying to properly vote on their merits. > > Less might even be better. > Once again, please explain how exactly does increasing the transparency of the criteria the NomCom uses going to do this? > Since you seem to feel otherwise, you should probably go and place your > support for the petitioners. > I think you missed the point of my remarks. I will try to say it more succinctly. I don't have a problem with the NomCom disqualifying candidates for whatever reason. I do have a huge problem when those "whatever reason" is shrouded in secrecy. As of now we still don't know what criteria was used by the NomCom to deny the 2 candidacies. Someone prove to me, in the absence of transparency, that they simply didn't just hang the candidate list in front of a dartboard and throw darts at it. Ted From tedm at ipinc.net Wed Sep 23 16:41:14 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 23 Sep 2009 13:41:14 -0700 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <127DE69A-A624-4A79-AFDC-C46E8CDC03A7@arin.net> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA80E7.7020004@ipinc.net> <127DE69A-A624-4A79-AFDC-C46E8CDC03A7@arin.net> Message-ID: <4ABA87EA.1090909@ipinc.net> That's another possibly even better reason for increasing the NomCom transparency, don't you think? Education of their roles! ;-) Ted John Curran wrote: > Ted - > > You're thinking of the NomCom purely in the credential validation > role, and that's not its only purpose as presently chartered. It > could easily be made such, but that's a different model than we have > today. > > /John > > On Sep 23, 2009, at 4:08 PM, "Ted Mittelstaedt" wrote: > >> I wouldn't favor removing veto power of the NomCom over a candidate. >> Even in the United States political system, the various secretary of >> states of different states have the authority to deny a prospective >> candidate. Typical criteria used is if the candidate isn't a >> citizen of >> the country, doesn't have a residence in the area they are trying to >> represent, etc. > From jcurran at arin.net Wed Sep 23 17:47:03 2009 From: jcurran at arin.net (John Curran) Date: Wed, 23 Sep 2009 17:47:03 -0400 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <4ABA86BE.7080907@ipinc.net> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA67F7.6080609@ttec.com> <4ABA86BE.7080907@ipinc.net> Message-ID: On Sep 23, 2009, at 4:36 PM, Ted Mittelstaedt wrote: > ... > I don't have a problem with the NomCom disqualifying candidates for > whatever reason. > > I do have a huge problem when those "whatever reason" is shrouded in > secrecy. Ted - Disqualification based on the hard criteria isn't the problem (and isn't necessarily the job of the NomCom). For example, if someone is works for another RIR, they may not serve as an ARIN AC or Board member. Unless they're planning to change jobs upon election, there will be a hard conflict. The bylaws lay out a handful of structural conflict-of-interest items, but these are factual in nature and do not require the NomCom in order for them to be adequately addressed. The issue is with the "evaluation of Nominees' experiences and qualifications" (per NomCom charter). I will outline some purely hypothetical situations and how they might be handled under the current process: 1) A nominee for the AC indicates that they'd like to serve, but they also note that they operate a business which depends on availability of WHOIS data to function. They tell the NomCom that they intend to recuse themselves from WHOIS policy discussions, to prevent potential material conflict of interest. The NomCom sees that quite a bit of the upcoming discussions in the next three years will relate to WHOIS policy, and feel that the nominee will be impaired, but not fatally so. In a situation with insufficient nominations, they decide to put the nominee on the AC slate. In a situation with more nominees, they'd certainly omit the nominee from the slate. 2) A nominee for the Board indicates that they've got enough time to serve, based on the written description of trustee demands. The nominee's worried that it might be tight in terms of time commitment but otherwise manageable as long as "The Big Contract" that they bid on doesn't get awarded to them. The nominee says confidentially that it's really a remote chance, since the following well-known firms are competing for it: XYZ, ABC, QED, but if the award does happen they will have to resign. The NomCom considers this, and given the dearth of other candidates either decides it is a reasonable or an unreasonable risk to add to the Board slate given their potential to resign mid-term. I agree that the current NomCom doesn't provide insight into its prioritization of the candidates, but I'm not certain how it could in some circumstances (circumstances which are more common than one would expect). Making the NomCom a body which simply approves all Nominees (unless completely defective) means we lose the "evaluation" portion of its charter. Hence, the suggestion that all nominees get carried forward, but the Nomcom provides (or not) its endorsement of the nominee based on their ability to serve productively. Other suggestions are welcome, including the possibility of having the community vote on candidates without having consideration of any information from the candidate which would need to be treated in confidence. Thoughts? /John John Curran President and CEO ARIN From mahannig at akamai.com Wed Sep 23 18:13:55 2009 From: mahannig at akamai.com (Hannigan, Martin) Date: Wed, 23 Sep 2009 18:13:55 -0400 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <4ABA86BE.7080907@ipinc.net> Message-ID: On 9/23/09 4:36 PM, "Ted Mittelstaedt" wrote: > Joe Maimon wrote: >> >> >> Ted Mittelstaedt wrote: >> > > [ snip ] > > As of now we still don't know what criteria was used by the NomCom > to deny the 2 candidacies. Someone prove to me, in the absence of > transparency, that they simply didn't just hang the candidate list in > front of a dartboard and throw darts at it. > We only have two people using the petition process. We don't know how many candidates were denied. It's at least two, possibly as many as $num. Best, -M< -- Martin Hannigan http://www.akamai.com Akamai Technologies, Inc. marty at akamai.com Cambridge, MA USA cell: +16178216079 ofc: +16174442535 From tedm at ipinc.net Wed Sep 23 18:46:02 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 23 Sep 2009 15:46:02 -0700 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA67F7.6080609@ttec.com> <4ABA86BE.7080907@ipinc.net> Message-ID: <4ABAA52A.8060407@ipinc.net> John Curran wrote: > On Sep 23, 2009, at 4:36 PM, Ted Mittelstaedt wrote: >> ... >> I don't have a problem with the NomCom disqualifying candidates for >> whatever reason. >> >> I do have a huge problem when those "whatever reason" is shrouded in >> secrecy. > > Ted - > > Disqualification based on the hard criteria isn't the problem (and > isn't necessarily the job of the NomCom). For example, if someone is > works for another RIR, they may not serve as an ARIN AC or Board > member. Unless they're planning to change jobs upon election, there > will be a hard conflict. The bylaws lay out a handful of structural > conflict-of-interest items, but these are factual in nature and do not > require the NomCom in order for them to be adequately addressed. > > The issue is with the "evaluation of Nominees' experiences and > qualifications" (per NomCom charter). I will outline some purely > hypothetical situations and how they might be handled under the > current process: > > 1) A nominee for the AC indicates that they'd like to serve, but they > also note that they operate a business which depends on availability > of WHOIS data to function. They tell the NomCom that they intend to > recuse themselves from WHOIS policy discussions, to prevent potential > material conflict of interest. The NomCom sees that quite a bit of > the upcoming discussions in the next three years will relate to WHOIS > policy, and feel that the nominee will be impaired, but not fatally > so. In a situation with insufficient nominations, they decide to put > the nominee on the AC slate. In a situation with more nominees, they'd > certainly omit the nominee from the slate. > > 2) A nominee for the Board indicates that they've got enough time to > serve, based on the written description of trustee demands. The > nominee's worried that it might be tight in terms of time commitment > but otherwise manageable as long as "The Big Contract" that they bid > on doesn't get awarded to them. The nominee says confidentially that > it's really a remote chance, since the following well-known firms are > competing for it: XYZ, ABC, QED, but if the award does happen they > will have to resign. The NomCom considers this, and given the dearth > of other candidates either decides it is a reasonable or an > unreasonable risk to add to the Board slate given their potential to > resign mid-term. > > I agree that the current NomCom doesn't provide insight into its > prioritization of the candidates, but I'm not certain how it could in > some circumstances (circumstances which are more common than one would > expect). I didn't think the NomCom would be able or willing to comment on the qualifications of a specific would-be candidate. Nor was I asking that. But, prioritization of would-be candidates based on the would-be candidate's availability to serve during the term or potential conflicts, are both perfectly legitimate, and in my opinion there should be no problem with listing them in an explanation of what criteria the NomCom considers when it decides to accept or reject a candidate. > Making the NomCom a body which simply approves all Nominees > (unless completely defective) means we lose the "evaluation" portion > of its charter. Hence, the suggestion that all nominees get carried > forward, but the Nomcom provides (or not) its endorsement of the > nominee based on their ability to serve productively. Other > suggestions are welcome, including the possibility of having the > community vote on candidates without having consideration of any > information from the candidate which would need to be treated in > confidence. > > Thoughts? I still think what is called for here is transparency of the -criteria- that is used by the NomCom when determining whether a candidate meets qualifications for serving. I just don't see anything in either of your explanations that is so unique that it could not be covered by a criteria list. All the NomCom needs to do is produce a document that lists criteria that they use. They can either distill their experience into a list, or they can do as you did here and illustrate the ideas through use of hypothetical examples. Either way, publishing the criteria used to make the determination allows the community to judge if it's arbitrary or not. In a way this is similar to a job hiring situation. A lot of managers out there who get thrust into position of being the interviewer to evaluate job candidates for the first time, might feel that when they start doing the interviewing, that the interview process is arbitrary and what they are doing is arbitrary. However, if you talk to any manager who has had many years selecting employees they will tell you that they have used their experience doing this to put together a list of criteria they look for. That is why experienced mangers can blow through a stack of 200 resumes in a short time - because they aren't making arbitrary decisions on each one, they are using a template of a summary of criteria to see if the candidate matches or not. I'd submit that if the current NomCom is afraid or feels that they are unable to distill their current "process" into a criteria list, that they simply haven't had much experience in selecting candidates. Forcing them to go through the exercise of doing this might very well cause each of them to have a lot of personal growth and make better selections for us in the future. I'm not telling you anything that a management consultant wouldn't tell you. People have made piles of money writing books on this stuff. Ted From woody at pch.net Wed Sep 23 22:53:18 2009 From: woody at pch.net (Bill Woodcock) Date: Wed, 23 Sep 2009 19:53:18 -0700 (PDT) Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <4ABAA52A.8060407@ipinc.net> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA67F7.6080609@ttec.com> <4ABA86BE.7080907@ipinc.net> <4ABAA52A.8060407@ipinc.net> Message-ID: On Wed, 23 Sep 2009, Ted Mittelstaedt wrote: > All the NomCom needs to do is produce a document that lists criteria > that they use. I think you're thinking of the nomcom as an ongoing body, with organizational memory. That's not how it's presently defined. Right now, it's a body which is formed once each year to complete a specific task. It does the task, and is immediately dissolved. It doesn't set policies for future nomcoms, and next year's nomcom isn't comprised of people who were on this year's nomcom. It's just a group of randomly-selected volunteers who perform a defined task once. It produces a slate based upon its judgment and its collective best interpretation of its defined task. If you want to influence its work, volunteer. -Bill From michael.dillon at bt.com Thu Sep 24 03:40:54 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 24 Sep 2009 08:40:54 +0100 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <863a6d7bpp.fsf@seastrom.com> Message-ID: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> > If we manage to push off the exhaustion date by five or six > months, what have we accomplished? Would that effort not > have been better spent on advancing the cause of IPv6, or > developing interoperability standards for carrier-grade NAT, > or whatever your vision for salvation in a post-IPv4-runout world is? I agree with Rob here. Heroic efforts to extend the IPv4 address lifetime are misplaced. If there is a desire to expend a heroic effort on something, it should be directed at removing the barriers to full-blown IPv6 deployment. Any would-be heroes should sit down at the phone and start calling minor equipment vendors and software vendors to find out when they will support IPv6. Any bit of software used in network operational support or by home users needs to be IPv6 capable. Maybe ARIN could organize an IPv6 awareness sprint, and provide a room full of phones, with coffee and snacks for the volunteers? --Michael Dillon From jcurran at arin.net Thu Sep 24 08:38:47 2009 From: jcurran at arin.net (John Curran) Date: Thu, 24 Sep 2009 08:38:47 -0400 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <4ABAA52A.8060407@ipinc.net> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA67F7.6080609@ttec.com> <4ABA86BE.7080907@ipinc.net> <4ABAA52A.8060407@ipinc.net> Message-ID: <1FBDBE43-155E-4C1F-91EF-337DCA2E7D39@arin.net> On Sep 23, 2009, at 5:46 PM, Ted Mittelstaedt wrote: > > ... But, prioritization of would-be candidates based on > the would-be candidate's availability to serve during the term > or potential conflicts, are both perfectly legitimate, and in my > opinion there should be no problem with listing them in an > explanation of what criteria the NomCom considers when it decides > to accept or reject a candidate. > .. > > I still think what is called for here is transparency of the > -criteria- that is used by the NomCom when determining whether > a candidate meets qualifications for serving. I just don't see > anything in either of your explanations that is so unique that it > could not be covered by a criteria list. Ted - This seems like a perfectly reasonable request: a implied criterion list of one ("ability to successfully serve in the position") doesn't really help potential candidates (or nominators for that matter) determine what factors are being considered. More detailed criteria can be clarified by ARIN staff in the election materials, but ultimately the Board will need to decide what exactly should be considered or not, and adopt language for the Bylaws accordingly. Thanks! /John John Curran President and CEO Sr. Helmsman & Iceberg Lookout ARIN From morrowc.lists at gmail.com Thu Sep 24 09:46:42 2009 From: morrowc.lists at gmail.com (Christopher Morrow) Date: Thu, 24 Sep 2009 09:46:42 -0400 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> References: <863a6d7bpp.fsf@seastrom.com> <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <75cb24520909240646y234e41f7k37edf4a205ad5362@mail.gmail.com> On Thu, Sep 24, 2009 at 3:40 AM, wrote: >> If we manage to push off the exhaustion date by five or six >> months, what have we accomplished? ?Would that effort not >> have been better spent on advancing the cause of IPv6, or >> developing interoperability standards for carrier-grade NAT, >> or whatever your vision for salvation in a post-IPv4-runout world is? > > I agree with Rob here. Heroic efforts to extend the IPv4 address > lifetime are misplaced. If there is a desire to expend a heroic I agree with this. > effort on something, it should be directed at removing the barriers > to full-blown IPv6 deployment. Any would-be heroes should sit down > at the phone and start calling minor equipment vendors and software > vendors to find out when they will support IPv6. Any bit of software > used in network operational support or by home users needs to be > IPv6 capable. agreed, keeping in mind there all sorts of things out there that aren't feature compatible v4/v6 (lookie a recently released product, the Juniper EX platform...sad panda) Customers of vendors really need to be clear (and follow through) about what things they want in the products offered. > Maybe ARIN could organize an IPv6 awareness sprint, and provide a room > full of phones, with coffee and snacks for the volunteers? It might be nice if someone (didn't one of the ipv6 taskforce people do this) gather as many varied and sundry network devices + softwares and matrix them against a set of 'capabilities' , publicize the matrix and push vendors to answer why they aren't matching more of the capabilities. Just phone calls isn't gonna help (unless it's a majority of the vendors customers of course). -Chris From vixie at isc.org Thu Sep 24 09:49:55 2009 From: vixie at isc.org (Paul Vixie) Date: Thu, 24 Sep 2009 13:49:55 +0000 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: Your message of "Thu, 24 Sep 2009 08:40:54 +0100." <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <49698.1253800195@nsa.vix.com> > Date: Thu, 24 Sep 2009 08:40:54 +0100 > From: > ... > Maybe ARIN could organize an IPv6 awareness sprint, and provide a room > full of phones, with coffee and snacks for the volunteers? this could be done, and would be among other things a great experience of shared pain, shared fun, and shared learning for all. (and i can see a way to extend it beyond that room on that day, using a ticket system after we get back to our own offices.) however, one part of the challenge seems daunting: > Any would-be heroes should sit down at the phone and start calling minor > equipment vendors and software vendors to find out when they will support > IPv6. Any bit of software used in network operational support or by home > users needs to be IPv6 capable. how should we build the target list, since many of our vendors are several layers deep behind resellers, and since pounding on the resellers may be like pushing on ropes? overall i'm intrigued by this idea, it's a great use of ARIN's resources -- and i mean especially the talents and contacts of *all* of the people here, not just ARIN staff/board/council. paul vixie chairman ARIN BoT From sweeny at indiana.edu Thu Sep 24 10:23:50 2009 From: sweeny at indiana.edu (Brent Sweeny) Date: Thu, 24 Sep 2009 10:23:50 -0400 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <75cb24520909240646y234e41f7k37edf4a205ad5362@mail.gmail.com> References: <863a6d7bpp.fsf@seastrom.com> <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <75cb24520909240646y234e41f7k37edf4a205ad5362@mail.gmail.com> Message-ID: <4ABB80F6.5060706@indiana.edu> I agree with Michael (and others) as well. re v6 readiness, Ron Broersma of DREN has done a LOT of good work evaluating everything along the application/appliance chain and identifying what still doesn't work, or work well. Vendors need to know that we as consumers really *do* care--else they'll continue to claim that there's 'no demand' for v6 (and v6 performance parity with v4) in their products. Christopher Morrow wrote: > On Thu, Sep 24, 2009 at 3:40 AM, wrote: >>> If we manage to push off the exhaustion date by five or six >>> months, what have we accomplished? Would that effort not >>> have been better spent on advancing the cause of IPv6, or >>> developing interoperability standards for carrier-grade NAT, >>> or whatever your vision for salvation in a post-IPv4-runout world is? >> I agree with Rob here. Heroic efforts to extend the IPv4 address >> lifetime are misplaced. If there is a desire to expend a heroic > > I agree with this. > >> effort on something, it should be directed at removing the barriers >> to full-blown IPv6 deployment. Any would-be heroes should sit down > > > >> at the phone and start calling minor equipment vendors and software >> vendors to find out when they will support IPv6. Any bit of software >> used in network operational support or by home users needs to be >> IPv6 capable. > > agreed, keeping in mind there all sorts of things out there that > aren't feature compatible v4/v6 (lookie a recently released product, > the Juniper EX platform...sad panda) > > Customers of vendors really need to be clear (and follow through) > about what things they want in the products offered. > >> Maybe ARIN could organize an IPv6 awareness sprint, and provide a room >> full of phones, with coffee and snacks for the volunteers? > > It might be nice if someone (didn't one of the ipv6 taskforce people > do this) gather as many varied and sundry network devices + softwares > and matrix them against a set of 'capabilities' , publicize the matrix > and push vendors to answer why they aren't matching more of the > capabilities. > > Just phone calls isn't gonna help (unless it's a majority of the > vendors customers of course). > > -Chris > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. From owen at delong.com Thu Sep 24 10:39:55 2009 From: owen at delong.com (Owen DeLong) Date: Thu, 24 Sep 2009 07:39:55 -0700 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <9AE2E437-6C5A-4F34-9D2F-EBD55F5DC174@delong.com> I agree heroic efforts are misplaced. I would not categorize documenting and distributing a /16 as being a heroic effort. I would not categorize making a simple polite request to InterOp to return a /16 so that it can be aggregated into a /12 and offering them replacement space if needed to be heroic. Much beyond that, I'm in agreement. Owen On Sep 24, 2009, at 12:40 AM, wrote: >> If we manage to push off the exhaustion date by five or six >> months, what have we accomplished? Would that effort not >> have been better spent on advancing the cause of IPv6, or >> developing interoperability standards for carrier-grade NAT, >> or whatever your vision for salvation in a post-IPv4-runout world is? > > I agree with Rob here. Heroic efforts to extend the IPv4 address > lifetime are misplaced. If there is a desire to expend a heroic > effort on something, it should be directed at removing the barriers > to full-blown IPv6 deployment. Any would-be heroes should sit down > at the phone and start calling minor equipment vendors and software > vendors to find out when they will support IPv6. Any bit of software > used in network operational support or by home users needs to be > IPv6 capable. > > Maybe ARIN could organize an IPv6 awareness sprint, and provide a room > full of phones, with coffee and snacks for the volunteers? > > --Michael Dillon > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. From White.Andy at insightcom.com Thu Sep 24 10:48:00 2009 From: White.Andy at insightcom.com (White, Andy) Date: Thu, 24 Sep 2009 10:48:00 -0400 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <49698.1253800195@nsa.vix.com> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> Message-ID: <1F2672B2A996FC4E8D31944956B9997401EE548C@MAIL01.insight.ds> In response to Paul: " how should we build the target list, since many of our vendors are several layers deep behind resellers, and since pounding on the resellers may be like pushing on ropes?" Perhaps an online questionnaire or survey of membership? Speaking for my organization, we use multiple vendors but we're still a predominantly Cisco shop... I suspect there's a lot of common switches & routers out there; not to mention firewalls, home gateway routers, CDNs, NMS's, IP provisioning systems, etc. Publishing a "scorecard" of, say, the top 5-10 in each category could be a pretty good wake-up call to the vendor community; it would certainly make it easier for smaller and medium-sized ISPs to make purchase decisions in the next year or two, anyway. I like the concept a lot as well. Andy White Director, HSI Engineering Insight Communications e-mail: white.andy at insightcom.com -----Original Message----- From: arin-discuss-bounces at arin.net [mailto:arin-discuss-bounces at arin.net] On Behalf Of Paul Vixie Sent: Thursday, September 24, 2009 9:50 AM To: arin-discuss at arin.net Subject: [arin-discuss] ipv6 technology supplier phone bank? > Date: Thu, 24 Sep 2009 08:40:54 +0100 > From: > ... > Maybe ARIN could organize an IPv6 awareness sprint, and provide a room > full of phones, with coffee and snacks for the volunteers? this could be done, and would be among other things a great experience of shared pain, shared fun, and shared learning for all. (and i can see a way to extend it beyond that room on that day, using a ticket system after we get back to our own offices.) however, one part of the challenge seems daunting: > Any would-be heroes should sit down at the phone and start calling minor > equipment vendors and software vendors to find out when they will support > IPv6. Any bit of software used in network operational support or by home > users needs to be IPv6 capable. how should we build the target list, since many of our vendors are several layers deep behind resellers, and since pounding on the resellers may be like pushing on ropes? overall i'm intrigued by this idea, it's a great use of ARIN's resources -- and i mean especially the talents and contacts of *all* of the people here, not just ARIN staff/board/council. paul vixie chairman ARIN BoT From john at citylinkfiber.com Thu Sep 24 11:45:04 2009 From: john at citylinkfiber.com (John Brown) Date: Thu, 24 Sep 2009 09:45:04 -0600 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <49698.1253800195@nsa.vix.com> Message-ID: Before doing a call out campaign, I'd build a list of targets and then do a DIRECT MAIL bit to those on the list. Then I'd follow-up with a call out campaign. To build a list of targets, poll the membership of each ARIN (and other RIR's) for a list of vendor gear used. I'd also create a "Badge" that allows the vendors to say we are IPv6 ready... Much like to IPv6 pins I saw at a IETF in Japan a number of years ago. ARIN/RIR's need to then do press releases listing vendor as being ready for the IPv6 world. Gotta make splash for them, help them get market awareness as being a LEADING technology company. On the back side, ARIN / RIR members should start to mandate IPv6 in all purchase orders and vendor responses to RFP's effective well um, NOW. Don't buy the box if it doesn't support a fundamental level of IPv6 stack. Cheers On 9/24/09 7:49 AM, "Paul Vixie" wrote: >> Date: Thu, 24 Sep 2009 08:40:54 +0100 >> From: >> ... >> Maybe ARIN could organize an IPv6 awareness sprint, and provide a room >> full of phones, with coffee and snacks for the volunteers? > > this could be done, and would be among other things a great experience of > shared pain, shared fun, and shared learning for all. (and i can see a > way to extend it beyond that room on that day, using a ticket system after > we get back to our own offices.) however, one part of the challenge seems > daunting: > >> Any would-be heroes should sit down at the phone and start calling minor >> equipment vendors and software vendors to find out when they will support >> IPv6. Any bit of software used in network operational support or by home >> users needs to be IPv6 capable. > > how should we build the target list, since many of our vendors are several > layers deep behind resellers, and since pounding on the resellers may be > like pushing on ropes? > > overall i'm intrigued by this idea, it's a great use of ARIN's resources -- > and i mean especially the talents and contacts of *all* of the people here, > not just ARIN staff/board/council. > > paul vixie > chairman > ARIN BoT > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. From jcurran at arin.net Thu Sep 24 12:45:50 2009 From: jcurran at arin.net (John Curran) Date: Thu, 24 Sep 2009 12:45:50 -0400 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: References: Message-ID: <526B72D3-D8CD-4C81-A5B9-86A83729680C@arin.net> On Sep 24, 2009, at 10:45 AM, John Brown wrote: > > I'd also create a "Badge" that allows the vendors to say we are IPv6 > ready... Much like to IPv6 pins I saw at a IETF in Japan a number > of years > ago. John - That aspect could overlap existing IPv6 advocacy organizations in the region; would you recommend we work in conjunction or independently on this? /John From farmer at umn.edu Thu Sep 24 13:12:35 2009 From: farmer at umn.edu (David Farmer) Date: Thu, 24 Sep 2009 12:12:35 -0500 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <9AE2E437-6C5A-4F34-9D2F-EBD55F5DC174@delong.com> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net>, <9AE2E437-6C5A-4F34-9D2F-EBD55F5DC174@delong.com> Message-ID: <4ABB6233.17408.DD049AC@farmer.umn.edu> On 24 Sep 2009 Owen DeLong wrote: > I agree heroic efforts are misplaced. > > I would not categorize documenting and distributing a /16 as > being a heroic effort. > > I would not categorize making a simple polite request to InterOp > to return a /16 so that it can be aggregated into a /12 and offering > them replacement space if needed to be heroic. > > Much beyond that, I'm in agreement. > > Owen I agree with Owen, no heroic efforts. But, clearing up the status of 128.66.0.0/16 and politely asking InterOP to return 128.64.0.0/16, with a replacement if necessary, in order to reaggregate and make 128.64.0.0/12 available is not "heroic effort", it is "due diligence." "No heroic efforts" is not the same thing as "no effort at all". If we expect the world to take us seriously when they actually realize they need to do something for the Internet to keep growing, upgrade their network, upgrade their computer, upgrade their OS, etc... We have to be able to demonstrate that we have done "due diligence" in recovering what can at least be easily recovered. Most people in the world don't realize IP Addresses exist, let alone that we are running out of the version of them that most people use. When they finally realize there is a problem they are going to want to know what was done about it. I also agree with the point that there are several legacy /8s assigned to large corporations, that in todays world just don't seem right. However, I not sure what can be done about it, especially anything that wouldn't be considered "heroic effort". The primary non-heroic effort that could be done has, the transfer policy. This should allow these legacy /8 holders to transfer some of their addresses to others on a voluntary basis. Any attempt to force the return of part or all of the legacy /8s would likely end-up in court, which seems like "heroic effort" to me. Even worse, it is possible to lose in court and end-up with rulings that make things worse, rather than better. =============================================== David Farmer Email:farmer at umn.edu Office of Information Technology Networking & Telecomunication Services University of Minnesota Phone: 612-626-0815 2218 University Ave SE Cell: 612-812-9952 Minneapolis, MN 55414-3029 FAX: 612-626-1818 =============================================== From joelja at bogus.com Thu Sep 24 13:03:21 2009 From: joelja at bogus.com (Joel Jaeggli) Date: Thu, 24 Sep 2009 10:03:21 -0700 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <526B72D3-D8CD-4C81-A5B9-86A83729680C@arin.net> References: <526B72D3-D8CD-4C81-A5B9-86A83729680C@arin.net> Message-ID: <4ABBA659.40000@bogus.com> John Curran wrote: > On Sep 24, 2009, at 10:45 AM, John Brown wrote: >> I'd also create a "Badge" that allows the vendors to say we are IPv6 >> ready... Much like to IPv6 pins I saw at a IETF in Japan a number >> of years >> ago. There is one already. I would just observe that certification is expensive and in my opinion fairly incomplete and that there are more products without it that support v6 then there are with... > John - > That aspect could overlap existing IPv6 advocacy organizations in > the region; would you recommend we work in conjunction or > independently on this? The gap in my mind driven by the lack of operational experience, on the part of the consumers of the technology (isp's and enterprises) about what they need, in turn that leads to a paucity of useful feedback to vendors (I'm one of those). It's not apparently obvious to the customer for example that a dual stack firewall should probably support being managed over v6, that routers need dhcpv6 relay, that ra-guard like mechanisms are desirable, etc. Without experience there are a lot of problems that the feature request (need v6 support) doesn't exactly capture. > /John > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. > From john at citylinkfiber.com Thu Sep 24 13:19:07 2009 From: john at citylinkfiber.com (John Brown) Date: Thu, 24 Sep 2009 11:19:07 -0600 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <526B72D3-D8CD-4C81-A5B9-86A83729680C@arin.net> Message-ID: Teaming would be the preferred choice. Unified message, leverage work already done by the other parties, etc. I?d look at the FTTH Council as well. FTTH is going to be a big push and I suspect user of IPv6 enabled widgets. Remembering that IPv6 gives us enough IP space to make sure our toaster has SNMP, with fiber it will be better ;) Sorry, had to inject some relevant humor. On 9/24/09 10:45 AM, "John Curran" wrote: > On Sep 24, 2009, at 10:45 AM, John Brown wrote: >> > >> > I'd also create a "Badge" that allows the vendors to say we are IPv6 >> > ready... Much like to IPv6 pins I saw at a IETF in Japan a number >> > of years >> > ago. > > John - > That aspect could overlap existing IPv6 advocacy organizations in > the region; would you recommend we work in conjunction or > independently on this? > /John > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dwhite at olp.net Thu Sep 24 13:23:03 2009 From: dwhite at olp.net (Dan White) Date: Thu, 24 Sep 2009 12:23:03 -0500 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <1F2672B2A996FC4E8D31944956B9997401EE548C@MAIL01.insight.ds> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <1F2672B2A996FC4E8D31944956B9997401EE548C@MAIL01.insight.ds> Message-ID: <20090924172303.GE5118@dan.olp.net> On 24/09/09?10:48?-0400, White, Andy wrote: >In response to Paul: > >" how should we build the target list, since many of our vendors are >several >layers deep behind resellers, and since pounding on the resellers may be >like pushing on ropes?" > >Perhaps an online questionnaire or survey of membership? Speaking for >my organization, we use multiple vendors but we're still a predominantly >Cisco shop... I suspect there's a lot of common switches & routers out >there; not to mention firewalls, home gateway routers, CDNs, NMS's, IP >provisioning systems, etc. Publishing a "scorecard" of, say, the top >5-10 in each category could be a pretty good wake-up call to the vendor >community; it would certainly make it easier for smaller and >medium-sized ISPs to make purchase decisions in the next year or two, >anyway. I've created a page on the getipv6 Wiki to encourage members to list their common vendors: http://www.getipv6.info/index.php/Vendors_in_the_ARIN_Region Please consider taking a few moments to add vendors that you work with, including a short description of what the company does, and any contact information you have. Additions can be posted under an 'anonymous' wiki account if you would like to keep your vendor list private. -- Dan White BTC Broadband From mahannig at akamai.com Thu Sep 24 13:23:11 2009 From: mahannig at akamai.com (Hannigan, Martin) Date: Thu, 24 Sep 2009 13:23:11 -0400 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <4ABB6233.17408.DD049AC@farmer.umn.edu> Message-ID: On 9/24/09 1:12 PM, "David Farmer" wrote: > But, clearing up the > status of 128.66.0.0/16 and politely asking InterOP to return > 128.64.0.0/16, with a replacement if necessary, in order to > reaggregate and make 128.64.0.0/12 available is not "heroic > effort", it is "due diligence." > > "No heroic efforts" is not the same thing as "no effort at all". > There's little reason to not expect ARIN to be efficient as possible in the management of their ICANN allocated space just as we expect members to be efficient as possible with theirs. That means preserving and/or recovering v4 space where possible for as long as there are people asking (needs) for it. YMMV, -M< -- Martin Hannigan http://www.akamai.com Akamai Technologies, Inc. marty at akamai.com Cambridge, MA USA cell: +16178216079 ofc: +16174442535 From john at citylinkfiber.com Thu Sep 24 13:41:58 2009 From: john at citylinkfiber.com (John Brown) Date: Thu, 24 Sep 2009 11:41:58 -0600 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: Message-ID: Great, then ARIN should help built unity and support with these other entities that are out there pushing for IPv6. This will be a TEAM sport :) On 9/24/09 11:37 AM, "Antonio Querubin" wrote: > On Thu, 24 Sep 2009, John Brown wrote: > >> > I'd also create a "Badge" that allows the vendors to say we are IPv6 >> > ready... Much like to IPv6 pins I saw at a IETF in Japan a number of years >> > ago. > > A logo for the badge already exists: > > ipv6ready.org > > > Antonio Querubin > 808-545-5282 x3003 > e-mail/xmpp: tony at lava.net > -------------- next part -------------- An HTML attachment was scrubbed... URL: From morrowc.lists at gmail.com Thu Sep 24 13:38:55 2009 From: morrowc.lists at gmail.com (Christopher Morrow) Date: Thu, 24 Sep 2009 13:38:55 -0400 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <4ABB6233.17408.DD049AC@farmer.umn.edu> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <9AE2E437-6C5A-4F34-9D2F-EBD55F5DC174@delong.com> <4ABB6233.17408.DD049AC@farmer.umn.edu> Message-ID: <75cb24520909241038v5f5860c4g6242f011be845d58@mail.gmail.com> On Thu, Sep 24, 2009 at 1:12 PM, David Farmer wrote: > I also agree with the point that there are several legacy /8s > assigned to large corporations, that in todays world just don't > seem right. ?However, I not sure what can be done about it, I'm not disagreeing with the rest of your note here, I do wonder how the above was arrived at? Let's look at Apple for instance (who have 17/8 at least). There are several ways I can see that they may easily justify usage for this allocation. -chris From farmer at umn.edu Thu Sep 24 14:38:50 2009 From: farmer at umn.edu (David Farmer) Date: Thu, 24 Sep 2009 13:38:50 -0500 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <75cb24520909241038v5f5860c4g6242f011be845d58@mail.gmail.com> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net>, <4ABB6233.17408.DD049AC@farmer.umn.edu>, <75cb24520909241038v5f5860c4g6242f011be845d58@mail.gmail.com> Message-ID: <4ABB766A.29576.E1F415F@farmer.umn.edu> On 24 Sep 2009 Christopher Morrow wrote: > On Thu, Sep 24, 2009 at 1:12 PM, David Farmer wrote: > > I also agree with the point that there are several legacy /8s > > assigned to large corporations, that in todays world just don't > > seem right. ?However, I not sure what can be done about it, > > I'm not disagreeing with the rest of your note here, I do wonder how > the above was arrived at? Let's look at Apple for instance (who have > 17/8 at least). There are several ways I can see that they may easily > justify usage for this allocation. > > -chris Its more an impression many people have, I very much don't want to create a witch hunt, as I said in a previous post. But lets run the number for Apple since you brought them up; With a little Googling, Fortune says Apple has about 16,000 employees. Well their /8 gives them about 16,000,000 IPs, that is about 1000 IPs per employee. I'm not saying they should have to go down to /18 or anything. But, if they gave back a /9 they would still have 500 address per employee. I not saying that Apple or the other guys with /8s are evil. Hey, I'm a big fat american, who stuffs his face with food everyday while other people in the world are starving. I'm just validating that it seems wrong that I stuff my face while people are starving, and that Apple and a few other companies have /8s when other people have to beg a plead for addresses. If I could snap my fingers and both solve world hunger and implement IPv6, I would, but I can't. Gross inequity is wrong, we should recognize that, but at the same time recognize that in all of human history no one has really solved that one either. To sum up, trying to force any return of the legacy /8s is really heroic effort, and it would be better spent on implementing IPv6. But, let not say there is no inequities there. =============================================== David Farmer Email:farmer at umn.edu Office of Information Technology Networking & Telecomunication Services University of Minnesota Phone: 612-626-0815 2218 University Ave SE Cell: 612-812-9952 Minneapolis, MN 55414-3029 FAX: 612-626-1818 =============================================== From jay at impulse.net Thu Sep 24 15:09:44 2009 From: jay at impulse.net (Jay Hennigan) Date: Thu, 24 Sep 2009 12:09:44 -0700 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <4ABAA52A.8060407@ipinc.net> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA67F7.6080609@ttec.com> <4ABA86BE.7080907@ipinc.net> <4ABAA52A.8060407@ipinc.net> Message-ID: <4ABBC3F8.4040108@impulse.net> Ted Mittelstaedt wrote: > John Curran wrote: > I didn't think the NomCom would be able or willing to comment on > the qualifications of a specific would-be candidate. Nor was I > asking that. This cuts to the heart of the issue. The NomCom is an extension of the leadership of the organization. If more candidates apply than are nominated, then there is an endorsement of those nominated and a non-endorsement of those not nominated. This is done in a secret non-transparent manner under color of authority. >> Making the NomCom a body which simply approves all Nominees (unless >> completely defective) means we lose the "evaluation" portion of its >> charter. But having the NomCom do "evaluation" in secret lacks transparency and injects bias into the election process between "endorsed" candidates and those who are put on the ballot through petition. If that is the intent of its charter, then by definition we have a closed, secret, non-transparent process by which some candidates are placed in a "preferred" status over others. Is this what we want? In other organizations with which I've been associated, the NomCom typically acts more like a recruitment body that twists arms until it can get at least one warm body to volunteer for each office. The problems are generally too few candidates, not too many. >> Hence, the suggestion that all nominees get carried >> forward, but the Nomcom provides (or not) its endorsement of the >> nominee based on their ability to serve productively. > I still think what is called for here is transparency of the > -criteria- that is used by the NomCom when determining whether > a candidate meets qualifications for serving. I just don't see > anything in either of your explanations that is so unique that it > could not be covered by a criteria list. What about transparency? If some candidates are rejected by the NomCom, should there be a public notice given that, "Candidate X applied but was not nominated because his qualifications failed to meet criterion Y"? > All the NomCom needs to do is produce a document that lists criteria > that they use. They can either distill their experience into a > list, or they can do as you did here and illustrate the ideas through > use of hypothetical examples. Either way, publishing the criteria used > to make the determination allows the community to judge if it's > arbitrary or not. How can the community judge arbitrariness if the reasons for rejection of a specific candidate aren't disclosed? IMNSHO, I'd prefer that the NomCom just verified that candidates meet the qualifications to run based on published criteria and disclose the reasons for any rejections. If necessary the NomCom may need to go out and beat the bushes to find at least one qualified candidate for each position. -- Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV From morrowc.lists at gmail.com Thu Sep 24 15:23:07 2009 From: morrowc.lists at gmail.com (Christopher Morrow) Date: Thu, 24 Sep 2009 15:23:07 -0400 Subject: [arin-discuss] use of 128.66.0.0/16 not clear In-Reply-To: <4ABB766A.29576.E1F415F@farmer.umn.edu> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <4ABB6233.17408.DD049AC@farmer.umn.edu> <75cb24520909241038v5f5860c4g6242f011be845d58@mail.gmail.com> <4ABB766A.29576.E1F415F@farmer.umn.edu> Message-ID: <75cb24520909241223s1e69c1e8g6df316359c7c1997@mail.gmail.com> On Thu, Sep 24, 2009 at 2:38 PM, David Farmer wrote: > On 24 Sep 2009 Christopher Morrow wrote: > >> On Thu, Sep 24, 2009 at 1:12 PM, David Farmer wrote: >> > I also agree with the point that there are several legacy /8s >> > assigned to large corporations, that in todays world just don't >> > seem right. ?However, I not sure what can be done about it, >> >> I'm not disagreeing with the rest of your note here, I do wonder how >> the above was arrived at? Let's look at Apple for instance (who have >> 17/8 at least). There are several ways I can see that they may easily >> justify usage for this allocation. >> >> -chris > > Its more an impression many people have, I very much don't > want to create a witch hunt, as I said in a previous post. > > But lets run the number for Apple since you brought them up; > With a little Googling, Fortune says Apple has about 16,000 > employees. ?Well their /8 gives them about 16,000,000 IPs, > that is about 1000 IPs per employee. ?I'm not saying they > should have to go down to /18 or anything. ?But, if they gave > back a /9 they would still have 500 address per employee. There's more in this world than people... apple has some significant compute infrastructure, testing infra, compile farms, hosting platforms, at least voip/iphone(s)/laptop/desktop per employee. Simply saying, on a public list, 'a /8 is far more than a company could need evah' is disingenuous. Again, I think we agree, I really wanted to get straight that 'its not simple and from the outside it's very hard to tell what a company is doing with the assets allocated to them.' (never mind the 'sure we can give back a /16 worth of space, how do we renumber things to make that happen without losing too much productivity??') -chris From tedm at ipinc.net Thu Sep 24 16:09:28 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 24 Sep 2009 13:09:28 -0700 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: <4ABAC03B.3090301@jmaimon.com> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA67F7.6080609@ttec.com> <4ABA86BE.7080907@ipinc.net> <4ABAC03B.3090301@jmaimon.com> Message-ID: <4ABBD1F8.8000209@ipinc.net> Joe Maimon wrote: > > > Ted Mittelstaedt wrote: >> Joe Maimon wrote: > >> The RIR system only works because every >> admin on the Internet agrees that it's a Good Thing and we all work >> together to make it work. > > We are in agreement if "every" => "the vast majority of the ones that > matter most". > >> >> Additionally, ARIN is trying to use it's moral authority to get all >> those admins on the Internet to voluntarily adopt IPv6. That isn't >> going to work if the same people ARIN is trying to push to use IPv6 are >> pissed off at ARIN for being capricious and arbitrary. > > The worst I have ever heard ARIN accused of is size bias, which even if > it is true, in my view was or is either inescapable or understandable. > > To find a meaningful number of people who are both upset at ARIN and > consider IPv6 to be important is probably a non starter. > > ARIN's IPv6 efforts do not in my opinion revolve around moral authority. > > Were ARIN to be capricious and arbitrary, it would be best served by > jacking up IPv4 prices and increasing auditing while citing scarcity and > keeping IPv6 only somewhat less difficult to obtain. They would earn a > killing (perhaps literally). Oh, and do away with those pesky elections > and outspoken members. > The fact that ARIN -is not- capricious and arbitrary merely proves my point - everything you have said so far actually strengthens my assertion that what the admins think matters greatly. > Other "community" organizations have done similar. > >> >> Your attempting to make the argument that community support for ARIN is >> not important. > > That was not my meaning. My meaning was that the fact that the nomcom is > community volunteers and members, is of itself a degree of community > participation, sufficient or not on its own to garner community support > and trust. > Just the fact that the nomcom is comprised of community volunteers doesn't matter a hill of beans. That's like saying that just because some misguided volunteers scuttled the "sunset clause" on a recent proposal that the rest of us should have just rolled over and given them a pass because the fact that they were volunteers should have made us support this decision. What matters with the nomcom is what they decide, not who or what is doing the deciding. >>> En masse, they could. Or it could happen by fiat. I believe(hope?) >>> ARIN is well aware of the icebergs they need to navigate around. >>> >> >> I don't believe they are otherwise they would not have made the >> mistake of cutting off the "sunset clause" from a recent policy >> proposal and generating a huge flood of anger from many >> many members. > > I was willing to give them the benefit of doubt at that time Many others were not. So, because they were not and you were, this invalidates their opinion and validates yours? > and I think > they have reacted positively to the feedback and emotions that > transpired, which I would not have categorized as huge or flood-like, > significant as it was. People were very divided on that topic, with > multiple prominent positions. > If they had put the sunset clause back in that would have been positive. They didn't, they just weathered the storm and ended up getting what they wanted, and what half the people wanted. The other half of the people got screwed, epically the people who originally opposed the "selling" proposal and only changed their opposition because of the sunset clause. What you and they fail to understand is that the next time an issue comes up that is polarizing, consensus will be much harder to get because they just handed the opposition the "remember the sunset clause" rallying cry. Everyone will recall what happened with the sunset proposal and no one will want to get screwed over, so nobody will be willing to compromise. In other words, for the gain of being able to "sell IP addresses" some ability to compromise on future was impacted. Maybe ARIN will survive this in the long run, and the ability to compromise will be restored. It depends on how divisive the issues are in the future. But it was a terribly risky gamble by the pro-selling side to make, and most of those people don't realize that they likely scotched something they will want in the future that will be divisive. >> >> In fact I will go so far as to say that not only do -I- not think >> they are, -THEY- don't think they are - otherwise John wouldn't be >> ASKING for opinions. > > This is called a lookout. Standard practice for avoiding icebergs is to > post one while in waters reputed to have them. > >> And for this I am glad because that otherwise >> would be a mark of hubris. > > Sometimes I am amazed they put up with this crap. > Is your response to opposition to swear at it? >>> >>> I put forth that having a flood of under-vetted candidates without >>> clear community support would be worse. >>> >> >> How exactly does increasing the transparency of the criteria the NomCom >> uses going to do this? > > If by doing so you hamper their ability to winnow the chaff. > >> I don't have a problem with the NomCom disqualifying candidates for >> whatever reason. >> >> I do have a huge problem when those "whatever reason" is shrouded in >> secrecy. > > John has noted that this has more to do with the potential confidential > nature of the information that goes into the process. I find that a > reasonable explanation, inasmuch as one is owed. > Why do you persist in creating these straw men? I never said the NomCom should divulge confidential information about a specific candidate. I said the NomCom should issue criteria on what it thinks is a qualified candidate. >> >> As of now we still don't know what criteria was used by the NomCom >> to deny the 2 candidacies. Someone prove to me, in the absence of >> transparency, that they simply didn't just hang the candidate list in >> front of a dartboard and throw darts at it. > > Even without the check and balance the petition process brings, the > nomcom which comprises of volunteers and members of the community who > are publicly named should garner some degree of trust. > I'm quite sure the dropped candidates do not share that assessment. > > I am not in favor of having the committee be a rubber stamp or a simple > mark of support. I think it is important to ensure that voters have a > good selection of qualified trustworthy and reputable individuals running. > > Without this role of the nomcom, the effort involved for every voter to > properly determine these attributes cannot be reasonably expected to > occur, potentially causing fewer voters to participate. > > More importantly, the function also serves to protect ARIN (and its > constituency) from election gaming, which could otherwise be trivial. > Sounds fine to me. Now, please for the 3rd time, explain how the NomCom releasing a document of what they think makes up a qualified candidate is going to negatively impact this? Ted > For this purpose, dart throwing is equally as effective as the > good-faith professional effort that I have no difficulties believing > occurred, without evidence to the contrary. > > With 1-2M one could quite overshadow the current voting membership. Some > astroturfing specialists might consider that a bargain. > > I do have one point regarding the petition success consisting of 5% of > all eligible coming to 172. > > Perhaps this number is somewhat high? Could prior voter turnout > percentage and participation be more meaningful measures to pull the > percentage from? > > Joe From michael.dillon at bt.com Thu Sep 24 17:19:14 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 24 Sep 2009 22:19:14 +0100 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <49698.1253800195@nsa.vix.com> Message-ID: <28E139F46D45AF49A31950F88C4974580345ACB5@E03MVZ2-UKDY.domain1.systemhost.net> > how should we build the target list, since many of our > vendors are several layers deep behind resellers, and since > pounding on the resellers may be like pushing on ropes? I would say that we should not restrict the target list to only network ops related companies with which we have relationships because a lot of that is already covered. On the other hand, we could be asking questions like "Please give me the date when your products will support IPv6?" or "When will your promotional materials and catalogs clearly state which products only support legacy IPv4 and which fully support IPv6?". Even a reseller can answer that kind of question. And even when we contact a network device manufacturer or a network ops software development company, we won't necessarily be able to get information out of technical people. So to do a sprint properly, you need some kind of fallback questions that give you enough info to decide whether to list the company on a "hall of shame" web page, or not. In addition, I don't suggest that we limit it only to the stuff that we as network operators need. We could be calling game manufacturers like EA to ask which games support IPv6, and when will the box labeling clearly note that a game supports "only legacy IPv4" or "fully supports IPv6"? Any consumer software is a valid target, as are consumer devices such as Sony Playstation or those little network boxes that show tweets or RSS feeds. Internet radios. All of that stuff has to be capable of functioning in a home whose Internet access is pure IPv6. Remember, that when IPv4 gets scarce, a lot of netops will push low margin customers onto IPv6 in order to free up their IPv4 addresses to continue growing their high margin business. This means that consumer Internet access is one of the first areas where people will be forced to use pure IPv6 on the access link, even if they have IPv4 in the home and the ISP's network is fully dual-stacked. The list should be too big to deal with in one sprint but that's OK because I think the biggest impact comes of doing this repeatedly. In fact, if some NANOG types want to get involved, we could build a VoIP infrastructure kit to support the sprint, and after the ARIN sprint is over, people could look for other gatherings (Open Source, Linux, etc.) where a sprint could be held. And then 6 months later, the second ARIN IPv6 readiness review sprint. --Michael Dillon From michael.dillon at bt.com Thu Sep 24 17:27:37 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 24 Sep 2009 22:27:37 +0100 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: Message-ID: <28E139F46D45AF49A31950F88C4974580345ACBB@E03MVZ2-UKDY.domain1.systemhost.net> > I'd look at the FTTH Council as well. FTTH is going to be a > big push and I suspect user of IPv6 enabled widgets. FTTH just connects the same networks with different wires. Nothing special there. In addition it is all being done by existing holders of large amounts of IPv4 space. If that's where they want to assign IPv4 addresses, so be it. But the smart grid is doing something new, and that is where we should push IPv6. In fact, when ARIN comes across something like that, we should investigate to see if they are planning on using IPv4, and if so, send an official communique to whatever organization warning them that they are unlikely to ever get any IPv4 addresses for their project. Fortunately the smart grid folks are waking up to this. Basically, if something new doesn't kick-off within about a year or so, it is game over. There will likely be a land rush for the last IPv4 ranges causing run-out to happen 6 months to a year earlier than projected. Incumbents will be OK because they can churn low margin products over to IPv6 to free up IPv4 for high margin stuff or for big customers that they can't afford to lose. --Michael Dillon From michael.dillon at bt.com Thu Sep 24 17:29:58 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 24 Sep 2009 22:29:58 +0100 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <20090924172303.GE5118@dan.olp.net> Message-ID: <28E139F46D45AF49A31950F88C4974580345ACBC@E03MVZ2-UKDY.domain1.systemhost.net> > http://www.getipv6.info/index.php/Vendors_in_the_ARIN_Region > > Please consider taking a few moments to add vendors that you > work with, including a short description of what the company > does, and any contact information you have. Additions can be > posted under an 'anonymous' > wiki account if you would like to keep your vendor list private. If you include your former vendors and all those vendors with awful stuff that you decided not to touch with a 10-foot pole after the RFP process, then no one will know who your real vendors are. After all, the point is to get as much contact info as possible. --Michael Dillon From tedm at ipinc.net Thu Sep 24 17:45:22 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 24 Sep 2009 14:45:22 -0700 Subject: [arin-discuss] [arin-ppml] Advisory Council Position Petitions? In-Reply-To: References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA67F7.6080609@ttec.com> <4ABA86BE.7080907@ipinc.net> <4ABAA52A.8060407@ipinc.net> Message-ID: <4ABBE872.6000803@ipinc.net> Bill Woodcock wrote: > On Wed, 23 Sep 2009, Ted Mittelstaedt wrote: > > All the NomCom needs to do is produce a document that lists criteria > > that they use. > > I think you're thinking of the nomcom as an ongoing body, with > organizational memory. That's not how it's presently defined. Right now, > it's a body which is formed once each year to complete a specific task. > It does the task, and is immediately dissolved. It doesn't set policies > for future nomcoms, and next year's nomcom isn't comprised of people who > were on this year's nomcom. It's just a group of randomly-selected > volunteers who perform a defined task once. It produces a slate based > upon its judgment and its collective best interpretation of its defined > task. If you want to influence its work, volunteer. > > -Bill > Bill, you use the phrase "interpretation of its defined task" this is the heart of the discussion. As I understand it, (John correct me if this is wrong) the Board assembles the NomCom and empowers them with the "task of producing a slate of qualified candidates" Thus, responsibility for defining to the NomCom what constitutes a qualified candidate must rest with the empowering authority, ie: the board. If that is how it works then if the definition of a qualified candidate is very vague, the NomCom has a huge amount of leeway because the elastic definition of "qualified" then becomes subject to debate, as well as whether or not a candidate meets the definition. If however there is a published definition of "qualified candidate" then now the only burden on a rejected candidate is of arguing that they meet the definition, the rejected candidate then cannot argue that the NomCom is defining "qualified candidate" differently for each candidate. It may not be the best thing for the current NomCom to create this definition but certainly now, while fresh from their work of selecting candidates, they could be very helpful in creating the definition. Ted From jcurran at arin.net Thu Sep 24 18:21:01 2009 From: jcurran at arin.net (John Curran) Date: Thu, 24 Sep 2009 18:21:01 -0400 Subject: [arin-discuss] Advisory Council Position Petitions? In-Reply-To: <4ABBC3F8.4040108@impulse.net> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA67F7.6080609@ttec.com> <4ABA86BE.7080907@ipinc.net> <4ABAA52A.8060407@ipinc.net> <4ABBC3F8.4040108@impulse.net> Message-ID: <2B3CF330-9BA2-43D6-9F42-84B8E2971823@arin.net> On Sep 24, 2009, at 2:09 PM, Jay Hennigan wrote: > > In other organizations with which I've been associated, the NomCom > typically acts more like a recruitment body that twists arms until > it can get at least one warm body to volunteer for each office. The > problems are generally too few candidates, not too many. That's the way its traditionally been ARIN as well. > What about transparency? If some candidates are rejected by the > NomCom, should there be a public notice given that, "Candidate X > applied but was not nominated because his qualifications failed to > meet criterion Y"? That would mean that the nominees and NomCom would be restricted to publicly disclosable information in their dialogue (i.e. the NomCom couldn't consider confidential information provided to clarify ability to commit time to the role, or how the candidate might resolve potential conflict of interests, etc) > How can the community judge arbitrariness if the reasons for > rejection of a specific candidate aren't disclosed? Acknowledged; if the community is going to judge the NomCom's assessment, it needs access to the same information as the NomCom. > IMNSHO, I'd prefer that the NomCom just verified that candidates > meet the qualifications to run based on published criteria and > disclose the reasons for any rejections. That function (verification of credentials) doesn't actually even require a NomCom, as staff does that work with oversight by myself and counsel if needed. /John John Curran President and CEO ARIN From jay at impulse.net Thu Sep 24 19:20:18 2009 From: jay at impulse.net (Jay Hennigan) Date: Thu, 24 Sep 2009 16:20:18 -0700 Subject: [arin-discuss] Advisory Council Position Petitions? In-Reply-To: <2B3CF330-9BA2-43D6-9F42-84B8E2971823@arin.net> References: <20090922200915.GA14735@ussenterprise.ufp.org> <79E4D32F-2940-4587-A49C-DEA9C053E025@arin.net> <4ABA6018.90709@ipinc.net> <4ABA67F7.6080609@ttec.com> <4ABA86BE.7080907@ipinc.net> <4ABAA52A.8060407@ipinc.net> <4ABBC3F8.4040108@impulse.net> <2B3CF330-9BA2-43D6-9F42-84B8E2971823@arin.net> Message-ID: <4ABBFEB2.30203@impulse.net> John Curran wrote: > On Sep 24, 2009, at 2:09 PM, Jay Hennigan wrote: >> In other organizations with which I've been associated, the NomCom >> typically acts more like a recruitment body that twists arms until >> it can get at least one warm body to volunteer for each office. The >> problems are generally too few candidates, not too many. > > That's the way its traditionally been ARIN as well. > >> What about transparency? If some candidates are rejected by the >> NomCom, should there be a public notice given that, "Candidate X >> applied but was not nominated because his qualifications failed to >> meet criterion Y"? > > That would mean that the nominees and NomCom would be restricted to > publicly disclosable information in their dialogue (i.e. the NomCom > couldn't consider confidential information provided to clarify ability > to commit time to the role, or how the candidate might resolve > potential conflict of interests, etc). Should candidate selection based on criteria such as ability to commit time to the role, or how the candidate might resolve potential conflict of interests be the choice of the NomCom, or the choice of the voters? I'd prefer that the voters would be the logical choice. As a mild example, if a candidate's answer to the confidential question, "How would you resolve this conflict of interest" was, "By giving $5,000 to every member of the NomCom if I get on the ballot", there might be a problem. Is the NomCom's assessment of a candidate's qualifications based on private data better than the community's based on public data? If so, then why bother with elections? >> How can the community judge arbitrariness if the reasons for >> rejection of a specific candidate aren't disclosed? > > > Acknowledged; if the community is going to judge the NomCom's > assessment, it needs access to the same information as the NomCom. And that isn't the case now. The process lacks transparency. And it adds an extra step. Judging the NomCom shouldn't be the community's job. The community should be assessing the candidates. And by this I mean all of the qualified candidates on an equal footing, not the blessed vs. the unblessed. >> IMNSHO, I'd prefer that the NomCom just verified that candidates >> meet the qualifications to run based on published criteria and >> disclose the reasons for any rejections. > > That function (verification of credentials) doesn't actually even > require a NomCom, as staff does that work with oversight by myself and > counsel if needed. So do that then. Let the NomCom act as a recruitment body twisting arms for positions where no candidates come forward, and let staff verify credentials where candidates volunteer (or double-check a verification done by the NomCom). Any other method leaves candidates who apply and want the job but are turned aside by the NomCom tainted. "What do they know that I don't? They would have allowed this candidate onto the ballot unless there is something very wrong that they're not disclosing. This must be a bad person if s/he has to petition and the other candidates were approved." -- Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV From vixie at vix.com Sat Sep 26 10:41:55 2009 From: vixie at vix.com (Paul Vixie) Date: Sat, 26 Sep 2009 14:41:55 +0000 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: Your message of "Thu, 24 Sep 2009 09:56:15 -0400." <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> Message-ID: <28267.1253976115@nsa.vix.com> > Date: Thu, 24 Sep 2009 09:56:15 -0400 > From: alex phillips (alex gave me permission to answer this private e-mail publically.) > I must have missed the start of this thread but one of the issues we have > seen in movement towards IPv6 was not only support but moreover the lack > of profitable reasons to move to it. agreed. many have called this "the chicken/egg problem." once there are customers for IPv6 there will be technology and tools for it, but many of the customers can't enter until the technology and tools are better and more plentiful. it's also important that until everybody else has adopted IPv6 there is no obvious reason for any of us to adopt it -- since there is nobody to talk to yet. (so, at least two chickens and at least two eggs.) > I think someone needs to take a lead on this front so that the logical > move to IPv6 is also a profit driven move. working backward from a theoretical new equilibrium where IPv6 growth is profit driven, what's necessary is for the world to first run out of fresh never-before-used IPv4, then reallocate and increase efficiency/utilization of used-before IPv4, invent/deploy various new forms of "extreme NAT", and finally have it be that new entrants to the Internet economy have no viable IPv4-containing strategy and so then-existing participants add IPv6 so as to continue growing their own customer bases. throughout these processes, dual-stack accretion will add new mostly-silent latent IPv6 endpoints. this all seems inevitable, but the timing isn't set in stone, and so it's not possible to perfectly judge when to make the dual stack leap. jump too early and you suffer by investing in technology that won't help your bottom line in the current planning horizon. jumping a little too late seems to be the preferrable risk for many, which would be a self justifying prophecy. the things we're uncertain of are therefore driving our business decisions, which is an unhappy state of affairs. we don't know exactly when IPv4 will run out, we don't know when others will make the jump to IPv6 (thus giving us someone to talk to if we make that same jump), we don't know how much underutilized IPv4 space will come into a transfer market or how long that much space (however much it is) will last and we don't know what new forms of "extreme NAT" will be invented or what effects those will have on the schedule by which everybody else is forced to IPv6 so it's safe to invest in it and depend on it. what we do know is that IPv4 *will* run out, and that no matter how much new post-depletion network growth is enabled by an IPv4 transfer market, the global information economy will eventually adopt some combination of "extreme NAT" and IPv6. and at that point IPv6 will be profitable. but that is not soon enough or certain enough to base a business plan on. as a 501(C)(6) nonprofit business league, ARIN can help this transition by making IPv6 easy to adopt. i don't know how we can influence profitability, which will be based on demand, which will be based on alternative costs. the natural cutoff point where IPv6 becomes profitable will be after the end of IPv4 growth, and so IPv6 will remain a defensive investment until literally the day before it becomes a speculative investment. Paul Vixie Chairman ARIN BoT From spiffnolee at yahoo.com Sun Sep 27 13:21:44 2009 From: spiffnolee at yahoo.com (Lee Howard) Date: Sun, 27 Sep 2009 10:21:44 -0700 (PDT) Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <28E139F46D45AF49A31950F88C4974580345ACB5@E03MVZ2-UKDY.domain1.systemhost.net> References: <28E139F46D45AF49A31950F88C4974580345ACB5@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <415885.49622.qm@web63308.mail.re1.yahoo.com> > We could be calling game manufacturers > like EA to ask which games support IPv6, and when will the box labeling > clearly note that a game supports "only legacy IPv4" or "fully supports > IPv6"? Any consumer software is a valid target, as are consumer devices > such as Sony Playstation or those little network boxes that show tweets I don't have contact information for people at Sony, Nintendo (Wii, DSi), or Tivo. I will personally call contacts there, if anyone has any. Yes, I'm also pursuing the information posted on their websites, but my experience so far has been, "We plan to support it when it's needed." Slingbox won't even let me ask a question without a registration number or credit card, so maybe somebody else can ask them. Lee -------------- next part -------------- An HTML attachment was scrubbed... URL: From michael.dillon at bt.com Sun Sep 27 14:01:18 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Sun, 27 Sep 2009 19:01:18 +0100 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <415885.49622.qm@web63308.mail.re1.yahoo.com> Message-ID: <28E139F46D45AF49A31950F88C4974580345BA34@E03MVZ2-UKDY.domain1.systemhost.net> > I don't have contact information for people at Sony, Nintendo > (Wii, DSi), > or Tivo. I will personally call contacts there, if anyone > has any. Yes, I'm > also pursuing the information posted on their websites, but > my experience so far has been, "We plan to support it when > it's needed." Slingbox won't even let me ask a question > without a registration number or credit card, so maybe > somebody else can ask them. A good way to get your foot in the door with a company that tightly controls contact info, is to start with their Investor Relations department. In fact, given the abruptness of the IPv4 runout leading to an indisputable IPv6 business case, it seems like a good idea to have conversations with every company's IR department even if you already have contacts in the product management area. --Michael Dillon From tedm at ipinc.net Mon Sep 28 14:50:40 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 28 Sep 2009 11:50:40 -0700 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <28267.1253976115@nsa.vix.com> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> <28267.1253976115@nsa.vix.com> Message-ID: <4AC10580.2070809@ipinc.net> Paul Vixie wrote: >> Date: Thu, 24 Sep 2009 09:56:15 -0400 >> From: alex phillips > > (alex gave me permission to answer this private e-mail publically.) > >> I must have missed the start of this thread but one of the issues we have >> seen in movement towards IPv6 was not only support but moreover the lack >> of profitable reasons to move to it. > > agreed. I disagree with this. The ISP business is filled with things that providers -have- to do but are not profitable, in fact, completely the opposite. Take e-mail, for example. Back in 1995 you could actually charge and get money from end-users for e-mail boxes. Then hotmail came out with it's freebie boxes and customers started demanding that you include e-mail boxes at no extra charge with their service, as well as demanding you include a webmail interface. Then hotmail/google/etc came out with spam filtering that actually worked and now customers not only demand free mailboxes with their dialup/dsl/cable/whatever service, they want them spamfiltered as well as with a webinterface. The history of offering Internet service for money has long been one of hack, hack, hack at the bottom line - there's always someone around the corner ready to undercut you with some new scam. In fact the only thing that stops it is when the guy around the corner outsmarts himself, for example when Juno/Netzero were offering free dialup accounts and discovered that they were being bled dry by customers who never paid them a dime, never were enticed to upgrade, and ran popup blocker software that blocked all the adverts that were paying for the service. I have to admit I laughed until milk came out my nose when I saw that one come down. Well I don't know about other ISPs but I can speak for my own and we spend a bundle on mailserver hardware that runs lickity-split to keep up with the demands of the latest spamblock software - but we don't get jack from our customers for it. We do it because if we didn't we wouldn't have no customers. IPv6 is just the latest thing that ISPs are going to have to do that is going to cost more money, and deliver nothing in exchange. Internet service has changed over the last 15 years from being a specialty industry that you could charge a nice fat margin on, to a commodity industry that your margins are razor-thin on, and you only survive through volume. A lot of people, like Alex, and like myself as well, clearly remember the old days and what it used to be like, and while it's fun to sit around electronically swapping stories about the good old days when we could get $20 a month for a 28.8 kilobit dialup connection, and run a modem bank on a T1 in your garage that generated sales of $100K a year for essentially having a huge amount of fun playing with networking toys, the sooner that we all grow up and recognize that those days are gone, and that our industry is all grown up now, the sooner we can get off our collective butts, stop whining that some new regulations are going to cost us money, and get the IPv6 deployment finished and behind us! Anyone who wants to bitch and moan about the cost of IPv6 can go take a trip and talk to the operators of your typical coal-fired electrical power plant about how their going to meet the new carbon cap regulations while still supplying power at the regulated rate that the local PUC's have set for them. Every other business in every other industry has to deal with expenses that they never asked for that the community lays on them, now grow up and take it like a man! (that's meant figuratively, ladies :-) Ted From vixie at isc.org Mon Sep 28 15:33:51 2009 From: vixie at isc.org (Paul Vixie) Date: Mon, 28 Sep 2009 19:33:51 +0000 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: Your message of "Mon, 28 Sep 2009 12:17:54 MST." <1acd01ca4070$6197bed0$24c73c70$@net> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> <28267.1253976115@nsa.vix.com> <4AC10580.2070809@ipinc.net> <1acd01ca4070$6197bed0$24c73c70$@net> Message-ID: <58477.1254166431@nsa.vix.com> > From: "Tony Hain" > Date: Mon, 28 Sep 2009 12:17:54 -0700 > ... > > IPv6 is just the latest thing that ISPs are going to have to do that > > is going to cost more money, and deliver nothing in exchange. > > This is the short-sighted view of people that can't see past next > quarter. Unfortunately most people are in this space, and will run right > up to the end of the free pool before they acknowledge that they need a > plan for the following quarter. People that insist on having an extremely > short term ROI will never understand the concept of avoiding a boxed > canyon. if one's competitors are doing short-horizon planning, then how can someone win new business without participating in this kind of "race to the bottom"? From alh-ietf at tndh.net Mon Sep 28 15:17:54 2009 From: alh-ietf at tndh.net (Tony Hain) Date: Mon, 28 Sep 2009 12:17:54 -0700 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <4AC10580.2070809@ipinc.net> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> <28267.1253976115@nsa.vix.com> <4AC10580.2070809@ipinc.net> Message-ID: <1acd01ca4070$6197bed0$24c73c70$@net> Ted Mittelstaedt wrote: > Paul Vixie wrote: > >> Date: Thu, 24 Sep 2009 09:56:15 -0400 > >> From: alex phillips > > > > (alex gave me permission to answer this private e-mail publically.) > > > >> I must have missed the start of this thread but one of the issues we > have > >> seen in movement towards IPv6 was not only support but moreover the > lack > >> of profitable reasons to move to it. > > > > agreed. > > I disagree with this. The ISP business is filled with things that > providers -have- to do but are not profitable, in fact, completely > the opposite. > > Take e-mail, for example. Back in 1995 you could actually charge and > get money from end-users for e-mail boxes. Then hotmail came out with > it's freebie boxes and customers started demanding that you include > e-mail boxes at no extra charge with their service, as well as > demanding > you include a webmail interface. > > Then hotmail/google/etc came out with spam filtering that actually > worked and now customers not only demand free mailboxes with their > dialup/dsl/cable/whatever service, they want them spamfiltered as well > as with a webinterface. > > The history of offering Internet service for money has long been one > of hack, hack, hack at the bottom line - there's always someone around > the corner ready to undercut you with some new scam. In fact the only > thing that stops it is when the guy around the corner outsmarts > himself, > for example when Juno/Netzero were offering free dialup > accounts and discovered that they were being bled dry by customers who > never paid them a dime, never were enticed to upgrade, and ran > popup blocker software that blocked all the adverts that were paying > for the service. I have to admit I laughed until milk came out my > nose when I saw that one come down. > > Well I don't know about other ISPs but I can speak for my own and we > spend a bundle on mailserver hardware that runs lickity-split to keep > up with the demands of the latest spamblock software - but we don't get > jack from our customers for it. We do it because if we didn't we > wouldn't have no customers. > > IPv6 is just the latest thing that ISPs are going to have to do that > is going to cost more money, and deliver nothing in exchange. This is the short-sighted view of people that can't see past next quarter. Unfortunately most people are in this space, and will run right up to the end of the free pool before they acknowledge that they need a plan for the following quarter. People that insist on having an extremely short term ROI will never understand the concept of avoiding a boxed canyon. Tony > Internet > service has changed over the last 15 years from being a specialty > industry that you could charge a nice fat margin on, to a commodity > industry that your margins are razor-thin on, and you only survive > through volume. A lot of people, like Alex, and like myself as well, > clearly remember the old days and what it used to be like, and while > it's fun to sit around electronically swapping stories about the > good old days when we could get $20 a month for a 28.8 kilobit > dialup connection, and run a modem bank on a T1 in your garage > that generated sales of $100K a year for essentially having a > huge amount of fun playing with networking toys, the sooner that we > all grow up and recognize that those days are gone, and that our > industry is all grown up now, the sooner we can get off our collective > butts, stop whining that some new regulations are going to cost us > money, and get the IPv6 deployment finished and behind us! > > Anyone who wants to bitch and moan about the cost of IPv6 can go > take a trip and talk to the operators of your typical coal-fired > electrical power plant about how their going to meet the new carbon cap > regulations while still supplying power at the regulated rate that the > local PUC's have set for them. Every other business in every other > industry has to deal with expenses that they never asked for that > the community lays on them, now grow up and take it like a man! > (that's meant figuratively, ladies :-) > > > Ted > _______________________________________________ > ARIN-Discuss > You are receiving this message because you are subscribed to > the ARIN Discussion Mailing List (ARIN-discuss at arin.net). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-discuss > Please contact info at arin.net if you experience any issues. From alh-ietf at tndh.net Mon Sep 28 15:58:43 2009 From: alh-ietf at tndh.net (Tony Hain) Date: Mon, 28 Sep 2009 12:58:43 -0700 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <58477.1254166431@nsa.vix.com> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> <28267.1253976115@nsa.vix.com> <4AC10580.2070809@ipinc.net> <1acd01ca4070$6197bed0$24c73c70$@net> <58477.1254166431@nsa.vix.com> Message-ID: <1ae901ca4076$15218f80$3f64ae80$@net> Paul Vixie wrote: > > From: "Tony Hain" > > Date: Mon, 28 Sep 2009 12:17:54 -0700 > > ... > > > IPv6 is just the latest thing that ISPs are going to have to do > that > > > is going to cost more money, and deliver nothing in exchange. > > > > This is the short-sighted view of people that can't see past next > > quarter. Unfortunately most people are in this space, and will run > right > > up to the end of the free pool before they acknowledge that they need > a > > plan for the following quarter. People that insist on having an > extremely > > short term ROI will never understand the concept of avoiding a boxed > > canyon. > > if one's competitors are doing short-horizon planning, then how can > someone > win new business without participating in this kind of "race to the > bottom"? Essentially this is the weeding process that leaves only those with deep pockets standing. The IPv6 transition would have been relatively cheap for everyone by spreading it out over time in a parallel deployment. Unfortunately that didn't happen because short term ROI was the order of the day, and will continue to be going forward. Once the source of IPv4 becomes ebay, and the routing tables grow at an unconstrained rate, the costs will be clear and the short term ROI will be to move to IPv6 as fast as possible. For the ISPs this is a problem, because they will need to support IPv4 in some form until they can motivate their customers to move. That means raising the price of IPv4, but in the race-to-the-bottom mentality people refuse to do that because those with deep pockets (allocation wise) are again in the best position to hold out and drive competitors from the market. At the end of the day, the CIOs and their architects need to earn their keep by developing real 3-5 year plans that show the overall costs, and stop ignoring the cost of keeping IPv4 running as 'the cost of doing business'. Deploy CGNs (oh wait those cost money too, and the operational costs of diagnostics will be much higher than people expect ...), break IPv4 as people know it, then charge extra to put it back for those willing to pay. In other words, make the price for IPv4 service align with the costs that will be incurred to keep it running. Yes IPv6 deployment has a cost, but the sooner it can be demonstrated that the cost for keeping IPv4 on life support vastly exceeds that, the sooner work can begin on getting the replacement in place. Tony From tedm at ipinc.net Mon Sep 28 16:44:03 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 28 Sep 2009 13:44:03 -0700 Subject: [arin-discuss] [Fwd: Re: ipv6 technology supplier phone bank?] Message-ID: <4AC12013.1000008@ipinc.net> Alex asked me to post his following reply: Ted -------- Original Message -------- Subject: Re: [arin-discuss] ipv6 technology supplier phone bank? Date: Mon, 28 Sep 2009 15:03:44 -0400 From: alex phillips To: Ted Mittelstaedt CC: Paul Vixie , arin-discuss at arin.net References: <28E139F46D45AF49A31950F88C497458033F625F at E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195 at nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f at mail.gmail.com> <28267.1253976115 at nsa.vix.com> <4AC10580.2070809 at ipinc.net> I agree with all of the below however, those things we do now, free email/spam etc,.. are to be competitive. What is the competative advantage to IPv6 services? Several Companies in Winchester VA jumped on this band wagon because the Government was going to make all Agencies IPv6 complaint by 2008 by order of the OMB. Both of these companies failed at their venture into this. None of my customers are saying, I am switch service providers because you don't have IPv6. It mostly, I don't have ESPN360 on my network and that's why they leave if price was not the issue. So I am more than happy to offer ipv6, I have the network connections and hardware support right now but no one is asking. I think we need to have services available that force the IPv6 service to made available so that there is a competitive advantage to the ISP who can support it. Does anyone have any thoughts on this? On Mon, Sep 28, 2009 at 2:50 PM, Ted Mittelstaedt > wrote: Paul Vixie wrote: Date: Thu, 24 Sep 2009 09:56:15 -0400 From: alex phillips > (alex gave me permission to answer this private e-mail publically.) I must have missed the start of this thread but one of the issues we have seen in movement towards IPv6 was not only support but moreover the lack of profitable reasons to move to it. agreed. I disagree with this. The ISP business is filled with things that providers -have- to do but are not profitable, in fact, completely the opposite. Take e-mail, for example. Back in 1995 you could actually charge and get money from end-users for e-mail boxes. Then hotmail came out with it's freebie boxes and customers started demanding that you include e-mail boxes at no extra charge with their service, as well as demanding you include a webmail interface. Then hotmail/google/etc came out with spam filtering that actually worked and now customers not only demand free mailboxes with their dialup/dsl/cable/whatever service, they want them spamfiltered as well as with a webinterface. The history of offering Internet service for money has long been one of hack, hack, hack at the bottom line - there's always someone around the corner ready to undercut you with some new scam. In fact the only thing that stops it is when the guy around the corner outsmarts himself, for example when Juno/Netzero were offering free dialup accounts and discovered that they were being bled dry by customers who never paid them a dime, never were enticed to upgrade, and ran popup blocker software that blocked all the adverts that were paying for the service. I have to admit I laughed until milk came out my nose when I saw that one come down. Well I don't know about other ISPs but I can speak for my own and we spend a bundle on mailserver hardware that runs lickity-split to keep up with the demands of the latest spamblock software - but we don't get jack from our customers for it. We do it because if we didn't we wouldn't have no customers. IPv6 is just the latest thing that ISPs are going to have to do that is going to cost more money, and deliver nothing in exchange. Internet service has changed over the last 15 years from being a specialty industry that you could charge a nice fat margin on, to a commodity industry that your margins are razor-thin on, and you only survive through volume. A lot of people, like Alex, and like myself as well, clearly remember the old days and what it used to be like, and while it's fun to sit around electronically swapping stories about the good old days when we could get $20 a month for a 28.8 kilobit dialup connection, and run a modem bank on a T1 in your garage that generated sales of $100K a year for essentially having a huge amount of fun playing with networking toys, the sooner that we all grow up and recognize that those days are gone, and that our industry is all grown up now, the sooner we can get off our collective butts, stop whining that some new regulations are going to cost us money, and get the IPv6 deployment finished and behind us! Anyone who wants to bitch and moan about the cost of IPv6 can go take a trip and talk to the operators of your typical coal-fired electrical power plant about how their going to meet the new carbon cap regulations while still supplying power at the regulated rate that the local PUC's have set for them. Every other business in every other industry has to deal with expenses that they never asked for that the community lays on them, now grow up and take it like a man! (that's meant figuratively, ladies :-) Ted _______________________________________________ ARIN-Discuss You are receiving this message because you are subscribed to the ARIN Discussion Mailing List (ARIN-discuss at arin.net ). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-discuss Please contact info at arin.net if you experience any issues. -- Alex Phillips General Manager RBNS.net HighSpeedLink.net From tedm at ipinc.net Mon Sep 28 16:46:49 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 28 Sep 2009 13:46:49 -0700 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <1acd01ca4070$6197bed0$24c73c70$@net> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> <28267.1253976115@nsa.vix.com> <4AC10580.2070809@ipinc.net> <1acd01ca4070$6197bed0$24c73c70$@net> Message-ID: <4AC120B9.207@ipinc.net> Tony Hain wrote: > Ted Mittelstaedt wrote: >> Paul Vixie wrote: >>>> Date: Thu, 24 Sep 2009 09:56:15 -0400 >>>> From: alex phillips >>> (alex gave me permission to answer this private e-mail publically.) >>> >>>> I must have missed the start of this thread but one of the issues we >> have >>>> seen in movement towards IPv6 was not only support but moreover the >> lack >>>> of profitable reasons to move to it. >>> agreed. >> I disagree with this. The ISP business is filled with things that >> providers -have- to do but are not profitable, in fact, completely >> the opposite. >> >> Take e-mail, for example. Back in 1995 you could actually charge and >> get money from end-users for e-mail boxes. Then hotmail came out with >> it's freebie boxes and customers started demanding that you include >> e-mail boxes at no extra charge with their service, as well as >> demanding >> you include a webmail interface. >> >> Then hotmail/google/etc came out with spam filtering that actually >> worked and now customers not only demand free mailboxes with their >> dialup/dsl/cable/whatever service, they want them spamfiltered as well >> as with a webinterface. >> >> The history of offering Internet service for money has long been one >> of hack, hack, hack at the bottom line - there's always someone around >> the corner ready to undercut you with some new scam. In fact the only >> thing that stops it is when the guy around the corner outsmarts >> himself, >> for example when Juno/Netzero were offering free dialup >> accounts and discovered that they were being bled dry by customers who >> never paid them a dime, never were enticed to upgrade, and ran >> popup blocker software that blocked all the adverts that were paying >> for the service. I have to admit I laughed until milk came out my >> nose when I saw that one come down. >> >> Well I don't know about other ISPs but I can speak for my own and we >> spend a bundle on mailserver hardware that runs lickity-split to keep >> up with the demands of the latest spamblock software - but we don't get >> jack from our customers for it. We do it because if we didn't we >> wouldn't have no customers. >> >> IPv6 is just the latest thing that ISPs are going to have to do that >> is going to cost more money, and deliver nothing in exchange. > > This is the short-sighted view of people that can't see past next quarter. > Unfortunately most people are in this space, and will run right up to the > end of the free pool before they acknowledge that they need a plan for the > following quarter. People that insist on having an extremely short term ROI > will never understand the concept of avoiding a boxed canyon. > I've yet to see ROI on our spam filtering and we've been doing it for something like 8 years, now? I forget exactly. ROI must really suck on that. ;-) It does give me some small pleasure to think of the millions of spams that I've sent to the great bit bucket in the sky over that time, though. Ted > Tony > > >> Internet >> service has changed over the last 15 years from being a specialty >> industry that you could charge a nice fat margin on, to a commodity >> industry that your margins are razor-thin on, and you only survive >> through volume. A lot of people, like Alex, and like myself as well, >> clearly remember the old days and what it used to be like, and while >> it's fun to sit around electronically swapping stories about the >> good old days when we could get $20 a month for a 28.8 kilobit >> dialup connection, and run a modem bank on a T1 in your garage >> that generated sales of $100K a year for essentially having a >> huge amount of fun playing with networking toys, the sooner that we >> all grow up and recognize that those days are gone, and that our >> industry is all grown up now, the sooner we can get off our collective >> butts, stop whining that some new regulations are going to cost us >> money, and get the IPv6 deployment finished and behind us! >> >> Anyone who wants to bitch and moan about the cost of IPv6 can go >> take a trip and talk to the operators of your typical coal-fired >> electrical power plant about how their going to meet the new carbon cap >> regulations while still supplying power at the regulated rate that the >> local PUC's have set for them. Every other business in every other >> industry has to deal with expenses that they never asked for that >> the community lays on them, now grow up and take it like a man! >> (that's meant figuratively, ladies :-) >> >> >> Ted >> _______________________________________________ >> ARIN-Discuss >> You are receiving this message because you are subscribed to >> the ARIN Discussion Mailing List (ARIN-discuss at arin.net). >> Unsubscribe or manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/arin-discuss >> Please contact info at arin.net if you experience any issues. > From spiffnolee at yahoo.com Mon Sep 28 16:44:14 2009 From: spiffnolee at yahoo.com (Lee Howard) Date: Mon, 28 Sep 2009 13:44:14 -0700 (PDT) Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <1ae901ca4076$15218f80$3f64ae80$@net> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> <28267.1253976115@nsa.vix.com> <4AC10580.2070809@ipinc.net> <1acd01ca4070$6197bed0$24c73c70$@net> <58477.1254166431@nsa.vix.com> <1ae901ca4076$15218f80$3f64ae80$@net> Message-ID: <106890.56313.qm@web63305.mail.re1.yahoo.com> > From: Tony Hain > To: Paul Vixie > Cc: arin-discuss at arin.net > Sent: Monday, September 28, 2009 3:58:43 PM > Subject: Re: [arin-discuss] ipv6 technology supplier phone bank? > > At the end of the day, the CIOs and their architects need to earn their keep Enterprise CIOs, or ISP architects? They have different problems with IPv6. > by developing real 3-5 year plans that show the overall costs, and stop > ignoring the cost of keeping IPv4 running as 'the cost of doing business'. > Deploy CGNs (oh wait those cost money too, and the operational costs of > diagnostics will be much higher than people expect ...), break IPv4 as > people know it, then charge extra to put it back for those willing to pay. ISPs will break IPv4 for their paying customers, and charge to put it back together? Brilliant! Especially if the guy down the street hasn't broken it yet.[1] > In other words, make the price for IPv4 service align with the costs that > will be incurred to keep it running. Yes IPv6 deployment has a cost, but the > sooner it can be demonstrated that the cost for keeping IPv4 on life support > vastly exceeds that, the sooner work can begin on getting the replacement in > place. How do you align those costs? If IPv6 requires a new home gateway but IPv4 only requires part of a CGN, which is cheaper? Who incurs the cost? [2] If IPv6 doesn't require a new home gateway, but only gets you to 50% of the Internet, which is cheaper? Answer: both is cheaper than one or the other: use CGN for IPv4-only traffic (so you don't lose customers, except the stuff CGN breaks), use native IPv6 where possible (so you don't pay for their CGN). Cap and grow if you can. Bonus questions: What applications does your CGN break? Are you using CGN, dual-stack light, A+P, or portrange? When will you need this in your network, how long will it take to test it, and how long will it take to build the provisioning and operational systems around it? Lee [1] Notice whether IPv4 is broken for existing customers or only new customers. What happens to competition if users can't switch providers and receive a comparable IPv4 service? [2] Important question. Also important is, "Who are they paying, and what does their ROI look like?" Are CPE vendors thinking, "If I don't support IPv6 until 2012, then all my consumers will have to buy new gear from me again when they're forced into IPv6"? From michael.dillon at bt.com Mon Sep 28 18:12:47 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 28 Sep 2009 23:12:47 +0100 Subject: [arin-discuss] [Fwd: Re: ipv6 technology supplier phone bank?] In-Reply-To: <4AC12013.1000008@ipinc.net> Message-ID: <28E139F46D45AF49A31950F88C497458034F9CC1@E03MVZ2-UKDY.domain1.systemhost.net> > I think we need to have services available that force the > IPv6 service to made available so that there is a competitive > advantage to the ISP who can support it. > > Does anyone have any thoughts on this? Seek out organizations planning to offer some new form of content service on the Internet, and talk to them (privately) to urge them to incorporate IPv6 into their plans. Point out that they will be forced into IPv6 anyway, so it is better if they incorporate it now while it is not quite mission critical. Point out that the large ISPs will all need some form of carrot to bundle with their IPv6 access services when the crunch day comes in a year or two, and that someone with a new content service, could leverage that situation by negotiating a package deal where the ISP would offer them IPv6 hosting services as well as giving them access to the ISPs newly IPv6 subscribers. The new content services could be anything that targets a large, mainly consumer, audience. Could be some kind of Internet TV channel, a major newspaper switching from print distribution to Internet only. The business model would essentially be that the ISP takes a slice of the consumer's IPv6 access charge and gives it to the content provider in return for exclusive access to the service. You should be able to see how that is an alternative to the typical advertising or subscriber business models that newspapers use (in TV it is OTA or pay-per-view). For this to work you would really need a bundle of varied content services, i.e. one news source (newspaper?), one entertainment source (TV channels or films), one social network (trump Facebook or Twitter), and so on. Maybe something based on Google Wave, or similar. Maybe some walled garden chat service that does AOL one better. I don't know how TV is sold in the USA, but in England, people pay a monthly fee for satellite television that includes a basic package of channels, then pay additional monthly fees for additional bundles of channels. This idea kind of takes off from that without being specifically about TV, i.e. TV-like Internet content is only one form of content and each form of content is like a channel. There is only one bundle, but you can only get it if you upgrade to IPv6 service on one specific ISP. Of course there is no guarantee that big ISPs will do anything like this until years after IPv4 runout, and small ISPs probably can't do this unless they organize like IGA Independent Grocers Association, IDA Independent Druggists Association, to get sufficient buying power. Or someone could build this and syndicate it out to lots of small to mid-size regional ISPs. --Michael Dillon From alh-ietf at tndh.net Mon Sep 28 19:44:01 2009 From: alh-ietf at tndh.net (Tony Hain) Date: Mon, 28 Sep 2009 16:44:01 -0700 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <106890.56313.qm@web63305.mail.re1.yahoo.com> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> <28267.1253976115@nsa.vix.com> <4AC10580.2070809@ipinc.net> <1acd01ca4070$6197bed0$24c73c70$@net> <58477.1254166431@nsa.vix.com> <1ae901ca4076$15218f80$3f64ae80$@net> <106890.56313.qm@web63305.mail.re1.yahoo.com> Message-ID: <1b4f01ca4095$8eb805d0$ac281170$@net> Lee Howard wrote: > > From: Tony Hain > > To: Paul Vixie > > Cc: arin-discuss at arin.net > > Sent: Monday, September 28, 2009 3:58:43 PM > > Subject: Re: [arin-discuss] ipv6 technology supplier phone bank? > > > > At the end of the day, the CIOs and their architects need to earn > their keep > > Enterprise CIOs, or ISP architects? They have different problems with > IPv6. Yes their problems are different, but both need to get on with it. > > > by developing real 3-5 year plans that show the overall costs, and > stop > > ignoring the cost of keeping IPv4 running as 'the cost of doing > business'. > > Deploy CGNs (oh wait those cost money too, and the operational costs > of > > diagnostics will be much higher than people expect ...), break IPv4 > as > > people know it, then charge extra to put it back for those willing to > pay. > > ISPs will break IPv4 for their paying customers, and charge to put it > back > together? Brilliant! > Especially if the guy down the street hasn't broken it yet.[1] It is not my plan, it is what the ISPs have backed themselves into by stalling their IPv6 deployments. Just about every ISP is looking for a CGN (even those that claim a religious bias against nat as a technology), because that is the only path they have left themselves at this point. It is not a matter of who has the largest total IPv4 pool today, it is who is the last one to draw from the RIR and have the longest run of new unused space once the panic sets in. Yes the larger historical blocks have some wiggle room, but that reshuffle has a cost as well. > > > In other words, make the price for IPv4 service align with the costs > that > > will be incurred to keep it running. Yes IPv6 deployment has a cost, > but the > > sooner it can be demonstrated that the cost for keeping IPv4 on life > support > > vastly exceeds that, the sooner work can begin on getting the > replacement in > > place. > > How do you align those costs? > If IPv6 requires a new home gateway but IPv4 only requires part of a > CGN, > which is cheaper? Who incurs the cost? [2] If you look at the CGN deployment plans, they all require a new home gateway anyway. > > If IPv6 doesn't require a new home gateway, but only gets you to 50% of > the Internet, which is cheaper? Answer: both is cheaper than one or > the > other: use CGN for IPv4-only traffic (so you don't lose customers, > except > the stuff CGN breaks), use native IPv6 where possible (so you don't pay > for their CGN). Cap and grow if you can. Should have been done years ago, too late now. > > Bonus questions: What applications does your CGN break? Are you using > CGN, dual-stack light, A+P, or portrange? When will you need this in > your > network, how long will it take to test it, and how long will it take to > build the > provisioning and operational systems around it? CGN will break just about everything but simple html and pop, and can't begin to scale in the face of the AJAX fad. It really doesn't matter which one you pick, you are just trading off which apps break, and how much the new home router is going to cost. > > Lee > > [1] Notice whether IPv4 is broken for existing customers or only new > customers. This is a very short term viewpoint. It doesn't take a Nobel prize winner to figure out that the existing customers will be screwed over just like the new ones in short order 'just because you can'. There will be lots of make-work shuffling the old customers into the new model and back when they complain, just to figure out which ones are using apps that care. > What happens to competition if users can't switch providers > and receive a comparable IPv4 service? This question makes it sound like somebody cares about competition.... ;) There is not going to be a 'comparable IPv4 service', no matter how you want to define that, once the free pool is gone. > [2] Important question. Also important is, "Who are they paying, and > what > does their ROI look like?" Are CPE vendors thinking, "If I don't > support > IPv6 until 2012, then all my consumers will have to buy new gear from > me > again when they're forced into IPv6"? I have no idea what CPE vendors are thinking (including the Linksys team which I try to motivate), but I really doubt they will hear IPv6 from consumers, while the ISPs have not been telling the CPE vendors that they need IPv6 capable cpe until very recently, and most ISPs haven't done that yet. CPE vendors run on very thin margins, so they are not even going to start thinking about IPv6 until they get very clear indications from the ISPs as to what is needed. So far the few messages I am aware of are; not coherent; nothing more than an acronym; have not clear timeframes or orders ... YMMV Tony From michael.dillon at bt.com Tue Sep 29 05:04:54 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 29 Sep 2009 10:04:54 +0100 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <1b4f01ca4095$8eb805d0$ac281170$@net> Message-ID: <28E139F46D45AF49A31950F88C497458034F9FA6@E03MVZ2-UKDY.domain1.systemhost.net> > > How do you align those costs? > > If IPv6 requires a new home gateway but IPv4 only requires > part of a > > CGN, which is cheaper? Who incurs the cost? [2] > > If you look at the CGN deployment plans, they all require a > new home gateway anyway. With that kind of scenario, you just know that one of the big players is holding their cards close to their chests, planning an IPv6 rollout while paying lip service to carrier grade NAT. They know that if they can lure their competitors into spending a lot of money on CGN, then when those companies are forced into IPv6 anyway, with even more costs and disruption, there will be some nice M&A prospects at bargain prices. > > If IPv6 doesn't require a new home gateway, but only gets > you to 50% > > of the Internet, which is cheaper? Crazy question. Anyone deploying IPv6 to the home user is going to make sure that those IPv6 customers will get access to all of the Internet. Flashable home gateways, especially those based on Linux, can be easily upgraded to support IPv6, so not all home gateways will need to be replaced. > CGN will break just about everything but simple html and pop, > and can't begin to scale in the face of the AJAX fad. Then perhaps we need to think of web content providers as "suppliers" and start contacting them too, to find out when they plan to support IPv6 access to their content services. One AJAX app which is known to create problems even with traditional NAT is Google Maps, but fortunately for the IPv6 folks, Google supports IPv6 already, and is willing to peer widely on IPv6. > > What happens to competition if users can't switch providers and > > receive a comparable IPv4 service? They can still switch providers and receive a comparable IPv6 service. Competition will not disappear. > CPE > vendors run on very thin margins, so they are not even going > to start thinking about IPv6 until they get very clear > indications from the ISPs as to what is needed. They should at least think about it. If they are not running on a platform which currently supports IPv6, then perhaps they should switch platforms before they need the IPv6 support. Those vendors whose home gateways run on Linux, have discovered that it is not a lot of work to add IPv6 support. This in itself may create the appearance of problem because these vendors know that they don't have to do anything until the first orders come in for IPv6 because they can have it ready in a couple of months. >So far the > few messages I am aware of are; not coherent; nothing more > than an acronym; have not clear timeframes or orders ... YMMV This is the reason for the IPv6 Sprint. To get people to firm up their plans and their timeframes. To put it bluntly, if you know that IPv4 will runout in November 2011 and you do not have a firm plan to release a product supporting IPv6 before then, plus have clear timeframes for the development work needed for this IPv6 version, then customers will look elsewhere. In addition, it is necessary to take customer processes into account. If an ISP needs to do three months of lab testing plus three months of field trials before committing to a product, then you had better not plan on releasing your product in November 2011. It had better be out in May 2011. This applies to all kind of products; devices, software, web-sites and so on. --Michael Dillon From spiffnolee at yahoo.com Tue Sep 29 08:14:10 2009 From: spiffnolee at yahoo.com (Lee Howard) Date: Tue, 29 Sep 2009 05:14:10 -0700 (PDT) Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <1b4f01ca4095$8eb805d0$ac281170$@net> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> <28267.1253976115@nsa.vix.com> <4AC10580.2070809@ipinc.net> <1acd01ca4070$6197bed0$24c73c70$@net> <58477.1254166431@nsa.vix.com> <1ae901ca4076$15218f80$3f64ae80$@net> <106890.56313.qm@web63305.mail.re1.yahoo.com> <1b4f01ca4095$8eb805d0$ac281170$@net> Message-ID: <248786.30221.qm@web63305.mail.re1.yahoo.com> I'm not sure this is still an arin-discuss thread. I'm happy to move it somewhere else, unless we quickly get back to an ARIN-member question, like, "How should ARIN spend its resources to help?" > > ISPs will break IPv4 for their paying customers, and charge to put it > > back > > together? Brilliant! > > Especially if the guy down the street hasn't broken it yet.[1] > > It is not my plan, it is what the ISPs have backed themselves into by > stalling their IPv6 deployments. IPv6 in the core is easy(ish). IPv6 in the data center is easy(ish). IPv6 at the edge is hard. It's partly a network value problem: consumers won't pay more for gateways and gadgets that support IPv6, so vendors don't make them. > > If IPv6 requires a new home gateway but IPv4 only requires part of a > > CGN, > > which is cheaper? Who incurs the cost? [2] > > If you look at the CGN deployment plans, they all require a new home gateway > anyway. Really? > CGN will break just about everything but simple html and pop, and can't > begin to scale in the face of the AJAX fad. It really doesn't matter which > one you pick, you are just trading off which apps break, and how much the > new home router is going to cost. Really? I'm looking for a list of application protocols somewhere. Do you have one handy? > > [1] Notice whether IPv4 is broken for existing customers or only new > > customers. > > This is a very short term viewpoint. Uh, yeah. Remember the problem under discussion was that CIOs are too short-sighted to deploy IPv6 this early, because they're focused on quarterly earnings? > It doesn't take a Nobel prize winner to > figure out that the existing customers will be screwed over just like the > new ones in short order 'just because you can'. There will be lots of > make-work shuffling the old customers into the new model and back when they > complain, just to figure out which ones are using apps that care. You have a very low regard for ISPs. My mileage is different. > > What happens to competition if users can't switch providers > > and receive a comparable IPv4 service? > > This question makes it sound like somebody cares about competition.... ;) > There is not going to be a 'comparable IPv4 service', no matter how you want > to define that, once the free pool is gone. Working from your previous paragraph, there could well be two classes of Internet subscribers: screwed and unscrewed. Could be based on who got there first, or could be based on who pays what. If it lasts for any length of time, we may see broad adoption of RFC3093 (Firewall Enhancement Protocol, i.e., everything over HTTP). > > [2] Important question. Also important is, "Who are they paying, and > > what > > does their ROI look like?" Are CPE vendors thinking, "If I don't > > support > > IPv6 until 2012, then all my consumers will have to buy new gear from > > me > > again when they're forced into IPv6"? > > I have no idea what CPE vendors are thinking (including the Linksys team > which I try to motivate), but I really doubt they will hear IPv6 from > consumers, while the ISPs have not been telling the CPE vendors that they > need IPv6 capable cpe until very recently, and most ISPs haven't done that > yet. CPE vendors run on very thin margins, so they are not even going to > start thinking about IPv6 until they get very clear indications from the > ISPs as to what is needed. So far the few messages I am aware of are; not > coherent; nothing more than an acronym; have not clear timeframes or orders > ... YMMV My point was more that CPE vendors don't sell to ISPs, they sell to consumers, who really don't want to be bothered. ISPs can tell what is needed (work in progress) but don't generally send POs. How should ARIN spend its resources to help? Lee From spiffnolee at yahoo.com Tue Sep 29 08:24:58 2009 From: spiffnolee at yahoo.com (Lee Howard) Date: Tue, 29 Sep 2009 05:24:58 -0700 (PDT) Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <28E139F46D45AF49A31950F88C497458034F9FA6@E03MVZ2-UKDY.domain1.systemhost.net> References: <28E139F46D45AF49A31950F88C497458034F9FA6@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <131087.34162.qm@web63305.mail.re1.yahoo.com> ----- Original Message ---- > From: "michael.dillon at bt.com" > To: arin-discuss at arin.net > Sent: Tuesday, September 29, 2009 5:04:54 AM > Subject: Re: [arin-discuss] ipv6 technology supplier phone bank? > > > > If IPv6 doesn't require a new home gateway, but only gets > > you to 50% > > > of the Internet, which is cheaper? > > Crazy question. Anyone deploying IPv6 to the home user is going > to make sure that those IPv6 customers will get access to all of > the Internet. Flashable home gateways, especially those based on > Linux, can be easily upgraded to support IPv6, so not all > home gateways will need to be replaced. How does that get you to the 50% of the Internet that isn't on IPv6? Are CPE vendors going to provide code for those gateways, or are ISPs going to write code and take support calls? > > CGN will break just about everything but simple html and pop, > > and can't begin to scale in the face of the AJAX fad. > > Then perhaps we need to think of web content providers as "suppliers" > and start contacting them too, to find out when they plan to support > IPv6 access to their content services. One AJAX app which is known > to create problems even with traditional NAT is Google Maps, but > fortunately for the IPv6 folks, Google supports IPv6 already, and is > willing to peer widely on IPv6. I strongly recommend that every ISP look at its customers' favorite sites and find out the IPv6 plans for each of them. > > > What happens to competition if users can't switch providers and > > > receive a comparable IPv4 service? > > They can still switch providers and receive a comparable IPv6 > service. Competition will not disappear. You think IPv6 service will be comparable to Internet access with unCGNed IPv4? > >So far the > > few messages I am aware of are; not coherent; nothing more > > than an acronym; have not clear timeframes or orders ... YMMV > > This is the reason for the IPv6 Sprint. To get people to firm > up their plans and their timeframes. To put it bluntly, if you know > that IPv4 will runout in November 2011 and you do not have a firm > plan to release a product supporting IPv6 before then, plus have > clear timeframes for the development work needed for this IPv6 > version, then customers will look elsewhere. In addition, it is > necessary to take customer processes into account. If an ISP needs > to do three months of lab testing plus three months of field trials > before committing to a product, then you had better not plan on > releasing your product in November 2011. It had better be out in > May 2011. > > This applies to all kind of products; devices, software, web-sites > and so on. I complete agree, but I think Tony's looking for more detail. Do home gateways need to support both SLAAC and DHCPv6, as both a client and as a server? Do they need to provide stateful DHCPv6? Do they need to be DNS servers, or relay dDNS updates? If somebody daisy-chains a wi-fi router behind an edge gateway, how does it get a prefix delegation from the gateway's prefix delegation? In other words, people need to be deploying IPv6 now, so they can find out what they don't know, and have time for vendors to fix bugs in features they need. Simply ordering a heap of IPv6 and expecting to be ready isn't enough. Lee From michael.dillon at bt.com Tue Sep 29 09:03:55 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 29 Sep 2009 14:03:55 +0100 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <248786.30221.qm@web63305.mail.re1.yahoo.com> Message-ID: <28E139F46D45AF49A31950F88C497458035686C5@E03MVZ2-UKDY.domain1.systemhost.net> > If it lasts for any length of time, we may see broad adoption > of RFC3093 (Firewall Enhancement Protocol, i.e., everything > over HTTP). That was an April Fool RFC. However the real thing does exist to tunnel TCP/IP over an SSL connection Note that stunnel does support IPv6 so I can well imagine that people with IPv6 connectivity might establish a stunnel to some IPv4 analog of HE's tunnel service, in order to get at some obscure IPv4 Internet resource that really matters to them. > How should ARIN spend its resources to help? A) support an IPv6 sprint at ARIN meetings B) support building an IPv6 Sprint kit consisting of VoIP PBX, etc., so that people with minimal technical skill can set up an IPv6 Sprint at other conferences such as Linux ones, Open Source ones, language specific (Python, Java) ones. Seems to me that it is outreach and it is education, therefore fair game for ARIN support. --Michael Dillon P.S. We will know that the sprints worked when you can go to your local computer gaming shop and see boxes of new games with "supports IPv6" on them. From michael.dillon at bt.com Tue Sep 29 09:16:55 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 29 Sep 2009 14:16:55 +0100 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <131087.34162.qm@web63305.mail.re1.yahoo.com> Message-ID: <28E139F46D45AF49A31950F88C497458035686FD@E03MVZ2-UKDY.domain1.systemhost.net> > > Crazy question. Anyone deploying IPv6 to the home user is going to > > make sure that those IPv6 customers will get access to all of the > > Internet. > > Flashable home gateways, especially those based on Linux, > > can be easily upgraded to support IPv6, so not all home > gateways will > > need to be replaced. > > How does that get you to the 50% of the Internet that isn't on IPv6? Two separate answers to two questions. Obviously, the gateways are not necessarily the way to get access to the IPv4 Internet. Yes, that means that ISPs will have to invest in 6to4, NATPT, tunnel servers and whatever else comes along. > Are CPE vendors going to provide code for those gateways, or > are ISPs going to write code and take support calls? I expect that the Open Source community will write the code, the CPE vendors will adopt the code and support it, and the ISPs will choose whether they want to take the support calls themselves or foist that onto the vendor. > I strongly recommend that every ISP look at its customers' > favorite sites and find out the IPv6 plans for each of them. That should be part of the IPv6 sprint. It is not just the vendors that we use in our own businesses that matter. In fact, given how far along some key vendors are like Cisco, Juniper, SUN, etc., you could argue that it is more important to reach out to the suppliers that our customers use, including the websites that they use. > > They can still switch providers and receive a comparable > IPv6 service. > > Competition will not disappear. > > You think IPv6 service will be comparable to Internet access > with unCGNed IPv4? People don't judge ISPs based on some study of percentage reachability. They judge them based on the quality of the experience accessing a handful of their favorite sites. So yes, IPv6 service will be comparable to unCGNed IPv4. Both will be unable to reach certain sites when new IPv6 services come online. Why would a site launch with only IPv6 access? Perhaps because they want to deal with steady controlled growth without risking a huge onslaught of new users in the space of a week. Perhaps because they want to try some new features in a controlled trial on an IPv6 version of their main site and don't want to spend too much on supporting the non early adopters. > I complete agree, but I think Tony's looking for more detail. > Do home gateways need to support both SLAAC and DHCPv6, as > both a client and as a server? Do they need to provide > stateful DHCPv6? Do they need to be DNS servers, or relay > dDNS updates? If somebody daisy-chains a wi-fi router behind > an edge gateway, how does it get a prefix delegation from the > gateway's prefix delegation? > > In other words, people need to be deploying IPv6 now, so they > can find out what they don't know, and have time for vendors > to fix bugs in features they need. Simply ordering a heap of > IPv6 and expecting to be ready isn't enough. I wholeheartedly agree. And if you think about the timing of all these stages of testing, both in the vendors and the ISPs, and add them all up, they are getting pretty darn close to the projected dates for IPv4 runout. It's not too late yet, if people get their butts in gear now. But in another 6 months or a year it will be too late. Then the only way to get IPv6 out in time will be to take shortcuts and pray that you don't make a mistake. --Michael Dillon From spiffnolee at yahoo.com Tue Sep 29 09:41:17 2009 From: spiffnolee at yahoo.com (Lee Howard) Date: Tue, 29 Sep 2009 06:41:17 -0700 (PDT) Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <28E139F46D45AF49A31950F88C497458035686C5@E03MVZ2-UKDY.domain1.systemhost.net> References: <28E139F46D45AF49A31950F88C497458035686C5@E03MVZ2-UKDY.domain1.systemhost.net> Message-ID: <527391.38009.qm@web63306.mail.re1.yahoo.com> ----- Original Message ---- > From: "michael.dillon at bt.com" > To: arin-discuss at arin.net > Sent: Tuesday, September 29, 2009 9:03:55 AM > Subject: Re: [arin-discuss] ipv6 technology supplier phone bank? > > > > If it lasts for any length of time, we may see broad adoption > > of RFC3093 (Firewall Enhancement Protocol, i.e., everything > > over HTTP). > > That was an April Fool RFC. Oops, too dry. Yes, that was my point, that things could become absurd. > However the real thing does exist > to tunnel TCP/IP over an SSL connection > Note that stunnel does support IPv6 so I can well imagine that > people with IPv6 connectivity might establish a stunnel to some > IPv4 analog of HE's tunnel service, in order to get at some > obscure IPv4 Internet resource that really matters to them. Lots of tunneling options exist, but none provides interoperability between address families. > > How should ARIN spend its resources to help? > > A) support an IPv6 sprint at ARIN meetings > B) support building an IPv6 Sprint kit consisting of VoIP PBX, > etc., so that people with minimal technical skill can > set up an IPv6 Sprint at other conferences such as > Linux ones, Open Source ones, language specific (Python, Java) > ones. Like http://www.asteriskv6.org/ ? http://www.voip-info.org/wiki/view/Asterisk+bounty+IPv6 Lee From michael.dillon at bt.com Tue Sep 29 09:50:43 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 29 Sep 2009 14:50:43 +0100 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <527391.38009.qm@web63306.mail.re1.yahoo.com> Message-ID: <28E139F46D45AF49A31950F88C497458035687C2@E03MVZ2-UKDY.domain1.systemhost.net> > > > How should ARIN spend its resources to help? > > > > A) support an IPv6 sprint at ARIN meetings > > B) support building an IPv6 Sprint kit consisting of VoIP PBX, > > etc., so that people with minimal technical skill can > > set up an IPv6 Sprint at other conferences such as > > Linux ones, Open Source ones, language specific (Python, Java) > > ones. > > Like http://www.asteriskv6.org/ ? > http://www.voip-info.org/wiki/view/Asterisk+bounty+IPv6 For now, I think that the sprint kit should stick with IPv4 components that are working since its main goal is to make it easy to set up a phone bank at a conference, therefore leveraging VoIP to do so. But Asterisk folks do have a conference where they gather and that is one of the places where we should try to organize an IPv6 sprint. --Michael Dillon From alh-ietf at tndh.net Tue Sep 29 13:08:34 2009 From: alh-ietf at tndh.net (Tony Hain) Date: Tue, 29 Sep 2009 10:08:34 -0700 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <248786.30221.qm@web63305.mail.re1.yahoo.com> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> <28267.1253976115@nsa.vix.com> <4AC10580.2070809@ipinc.net> <1acd01ca4070$6197bed0$24c73c70$@net> <58477.1254166431@nsa.vix.com> <1ae901ca4076$15218f80$3f64ae80$@net> <106890.56313.qm@web63305.mail.re1.yahoo.com> <1b4f01ca4095$8eb805d0$ac281170$@net> <248786.30221.qm@web63305.mail.re1.yahoo.com> Message-ID: <1c3b01ca4127$7a97d020$6fc77060$@net> Lee Howard wrote: > I'm not sure this is still an arin-discuss thread. I'm happy to move > it > somewhere else, unless we quickly get back to an ARIN-member > question, like, "How should ARIN spend its resources to help?" > > > > > ISPs will break IPv4 for their paying customers, and charge to put > it > > > back > > > together? Brilliant! > > > Especially if the guy down the street hasn't broken it yet.[1] > > > > It is not my plan, it is what the ISPs have backed themselves into by > > stalling their IPv6 deployments. > > IPv6 in the core is easy(ish). > IPv6 in the data center is easy(ish). > IPv6 at the edge is hard. It's partly a network value problem: > consumers > won't pay more for gateways and gadgets that support IPv6, so vendors > don't make them. They should not have to pay more, as the actual differences at that level of device are down in the noise. What they need is motivation, and plumbing is not motivating in its own right, particularly when nobody is explaining the problem in terms they can understand. The next 'YouTube' would be one way to motivate them, if it only worked over IPv6. Of course it would never gain enough audience to be a motivator without at least a minimal IPv6 infrastructure, so what it will take is something like a new service from google or Netflix that says 'buy the (App name) enabled home gateway to enjoy this service'. No plumbing details required. > > > > > If IPv6 requires a new home gateway but IPv4 only requires part of > a > > > CGN, > > > which is cheaper? Who incurs the cost? [2] > > > > If you look at the CGN deployment plans, they all require a new home > gateway > > anyway. > > Really? At this point they basically all boil down to ds-lite, and/or some form of A+P routing to deal with lawful intercept. Simple cascaded nat is the solution from people that haven't given serious thought to the design. > > > CGN will break just about everything but simple html and pop, and > can't > > begin to scale in the face of the AJAX fad. It really doesn't matter > which > > one you pick, you are just trading off which apps break, and how much > the > > new home router is going to cost. > > Really? I'm looking for a list of application protocols somewhere. Do > you > have one handy? Anything that uses upnp will fail. Google-maps will fail if you oversubscribe the addresses by > ~100:1. The iTunes store will fail if you oversubscribe the addresses by > ~10:1. Future AJAX based app given that pattern in release dates and number of objects being pushed at the consumer ??? > > > > > [1] Notice whether IPv4 is broken for existing customers or only > new > > > customers. > > > > This is a very short term viewpoint. > > Uh, yeah. Remember the problem under discussion was that CIOs are > too short-sighted to deploy IPv6 this early, because they're focused on > quarterly earnings? No, cap & grow is an engineering viewpoint looking to do the least amount of work. The business side of the house will force the issue over time so that even the older customers will feel the pain, because their goal is to retain the largest number of customers. The CIO is in the middle, but at the end of the day closer to the business side than the engineering side. > > > It doesn't take a Nobel prize winner to > > figure out that the existing customers will be screwed over just like > the > > new ones in short order 'just because you can'. There will be lots > of > > make-work shuffling the old customers into the new model and back > when they > > complain, just to figure out which ones are using apps that care. > > You have a very low regard for ISPs. My mileage is different. Just observed behavior, unclouded by the ideals they claim to aspire to. This is just fundamental business practice, 'retain the largest number of customers by providing everyone the least you can, and no more than any of them actually claims to need'. When potential new customers demand public IPv4 after the reserves are gone, they will be reclaimed from old customers. The old customers that don't complain will be left in the broken state, while those that do will be put back. > > > > > What happens to competition if users can't switch providers > > > and receive a comparable IPv4 service? > > > > This question makes it sound like somebody cares about > competition.... ;) > > There is not going to be a 'comparable IPv4 service', no matter how > you want > > to define that, once the free pool is gone. > > Working from your previous paragraph, there could well be two classes > of Internet subscribers: screwed and unscrewed. Could be based on who > got there first, or could be based on who pays what. Cap & grow is the engineering approach, poach from the old is the business approach. From my observations, the business side of the house beats down the engineering side of the house every time. > > If it lasts for any length of time, we may see broad adoption of > RFC3093 > (Firewall Enhancement Protocol, i.e., everything over HTTP). Absolutely, but the wild card here is that the OS's can just tunnel over the crap at lower layers if the ISPs don't get their act together. > > > > [2] Important question. Also important is, "Who are they paying, > and > > > what > > > does their ROI look like?" Are CPE vendors thinking, "If I don't > > > support > > > IPv6 until 2012, then all my consumers will have to buy new gear > from > > > me > > > again when they're forced into IPv6"? > > > > I have no idea what CPE vendors are thinking (including the Linksys > team > > which I try to motivate), but I really doubt they will hear IPv6 from > > consumers, while the ISPs have not been telling the CPE vendors that > they > > need IPv6 capable cpe until very recently, and most ISPs haven't done > that > > yet. CPE vendors run on very thin margins, so they are not even going > to > > start thinking about IPv6 until they get very clear indications from > the > > ISPs as to what is needed. So far the few messages I am aware of are; > not > > coherent; nothing more than an acronym; have not clear timeframes or > orders > > ... YMMV > > My point was more that CPE vendors don't sell to ISPs, they sell to > consumers, who really don't want to be bothered. This is not globally true, but more to the point, the CPE vendors are not getting a clear indication of what the ISP service interface will look like, so they couldn't build a box no matter who the final customer would end up being. > ISPs can tell what is > needed (work in progress) but don't generally send POs. ISP service is regional, while the CPE boxes are generally global. In large part the ISPs stopped participating in the standards development process, particularly those in the ARIN region for the topic of IPv6, and now that lack of effort is coming back in the form of a gap in the service interface specifications. > > How should ARIN spend its resources to help? That is less clear at this point. It would have helped if ARIN had been more informative about the burn rate on the IPv4 pool about 5 years ago, but too many people were still in denial to allow that to happen. Maybe providing a vendor-neutral forum for the ISPs to tell the content providers that 'the plumbing is moving, so optimal access to the consumer means dual-stacking the content', would be a place to start. Getting Disney, CNN, Facebook ... in a room to hear why this is happening would go a long way toward mitigating the problem here. As you said, changing the data center is easy, the hard part of that is providing the motivation to do it. Tony From tedm at ipinc.net Tue Sep 29 13:39:16 2009 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 29 Sep 2009 10:39:16 -0700 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <248786.30221.qm@web63305.mail.re1.yahoo.com> References: <28E139F46D45AF49A31950F88C497458033F625F@E03MVZ2-UKDY.domain1.systemhost.net> <49698.1253800195@nsa.vix.com> <2b5e50900909240656p17ed1dbek61a40b2a7b53a7f@mail.gmail.com> <28267.1253976115@nsa.vix.com> <4AC10580.2070809@ipinc.net> <1acd01ca4070$6197bed0$24c73c70$@net> <58477.1254166431@nsa.vix.com> <1ae901ca4076$15218f80$3f64ae80$@net> <106890.56313.qm@web63305.mail.re1.yahoo.com> <1b4f01ca4095$8eb805d0$ac281170$@net> <248786.30221.qm@web63305.mail.re1.yahoo.com> Message-ID: <4AC24644.3060609@ipinc.net> Lee Howard wrote: > I'm not sure this is still an arin-discuss thread. I'm happy to move it > somewhere else, unless we quickly get back to an ARIN-member > question, like, "How should ARIN spend its resources to help?" > > >>> ISPs will break IPv4 for their paying customers, and charge to put it >>> back >>> together? Brilliant! >>> Especially if the guy down the street hasn't broken it yet.[1] >> It is not my plan, it is what the ISPs have backed themselves into by >> stalling their IPv6 deployments. > > IPv6 in the core is easy(ish). Yes, and I think that today the core hardware is ALL IPv6-capabable, even if the administrators running a specific router don't have IPv6 configured on it. Thus, getting increased IPv6 penetration is just a matter of ARIN continuing to harp on it to those operators. > IPv6 in the data center is easy(ish). Yes, and I think that today MOST stuff running in the data center is IPv6-capable, and what still isn't, is going to be only used by devices inside a particular data center that are dual-stacked. That is for example, you can have a webserver querying a SQL server that is IPv4-only, while the web server serves up both IPv4 and IPv6 to the public Internet. Essentially, the data center is ready for IPv6 today, even if the administrators running gear in a particular data center don't have IPv6 configured in it. ARIN could help IPv6 penetration here by maintaining an "IPv6-certified list" of networks that sell connectivity to those datacenters. > IPv6 at the edge is hard. It's partly a network value problem: consumers > won't pay more for gateways and gadgets that support IPv6, so vendors > don't make them. > It's much more complex a problem than that. Virtually ALL CPE devices made today are HARDWARE-CAPABLE of supporting IPv6. The problem is that the vendors don't write the firmware to be IPv6-capable. This is really a critical point because it's only been very recently that this has been true. I would say most CPE gear manufactured in the early 2000's did not have enough ram and flash to support IPv6 stacks. They could barely support IPv4 stacks, and a great amount of gear also had what I would call severely underpowered CPUs as well. Who can ever forget the infamous early-version Linksys BEFSR41s which arguably were one of the worst implementations of an IPv4 router in history? Most CPE of course, are built on all-in-one ASIC designs to save money during manufacture, where the CPU/RAM/FLASH/RADIO/PORTS/WHATEVER is all integrated into a single chip. The CPE gear originally made in the early part of the decade used general-purpose parts. Take apart for example a Cisco 678 sometime, this is a DMT-DSL modem. They are stuffed with chips. Whereas a Cisco 8xx router with an integrated DSL port in it, has a much lower parts count, and the unit has vastly more ram/flash and CPU power. That's why the IP stack on a 678 is IPv4-only, and the stack on a Cisco 8xx is IPv4/IPv6-capable. Thus, EVEN IF a vendor WANTED to write IPv6-capable firmware for CPE gear back in 2004, for example, THEY COULDN'T. One of the very first CPE's that IPv6 firmware was available on was the early model Linksys WRT54g, revisions 1 - 4. Revision 1.0 came out in 2002. These revisions had 4MB flash/ 16MB ram, and early IPv6 firmware was available from Earthlink, (http://www.research.earthlink.net/ipv6/) While it is true that one big reason this CPE was selected by Earthlink for it's prototype IPv6 firmware was because of Linksys's use of GPL code on it exposed the programming interface, the other was that this CPE was one of the few of that era in the "cheap" category with 4MB flash. Later on when Linksys went to 2MB flash on these unit revisions, it killed the ability to run IPv6 on them - no 3rd party firmware that supports IPv6 exists that will run in that small flash. However, there are much better/faster/more ram CPE's (like the WRT54GS) today that have superseded this older CPE Nowadays, for 3rd party IPv6 firmware, the Linksys prototype IPv6 firmware is mainly of historical interest, most people who are doing 3rd party firmware for IPv6 are running openwrt, or dd-wrt firmware. A large number of CPE's will support this firmware as well. > > My point was more that CPE vendors don't sell to ISPs, they sell to > consumers, who really don't want to be bothered. ISPs can tell what is > needed (work in progress) but don't generally send POs. > This isn't accurate. When it comes to CPE gear, Broadband-providing ISP's generally fall into 1 of 2 categories (I'm going to ignore dialup customers): 1) Mammoth ones, like your comcasts, earthlinks, and the telco ones like Qwest, Verizon, etc. These ISPs exclusively use all-in-one CPE devices that they have CPE vendors (actiontec, westell, motorola, etc.) build to spec, that include the DSL/Cable/Fios port integrated into the CPE along with a router that can be configured to either route a subnet or do NAT or be a dumb bridge. They then hand these out to new subscribers on various "free promo" plans where the customer gets the CPE for nothing as long as they have service a particular length of time. For example Qwest charges the subscriber for the CPE, then spreads the payment over the first several months of service, while simultaneously running a 1/2 price discount on the service itself - so in essence the subscriber pays full rate on the service and gets the CPE for free, under a gimmick intended to prevent the customer from assuming the CPE is really free or owned by Qwest. If these ISPs wanted IPv6 they would tell the CPE vendors (ie: westell, actiontec, etc.) that IPv6 is part of the RFP for the CPE device, and the IPv6 code would get added at pretty much no additional cost nowadays - because the cost of writing the firmware for the devices is a very small cost of the raw materials for the device itself. Not to mention that the CPE vendors could easily take the existing openwrt/ddwrt source code, all of which is under GPL, and modify it, which would cost virtually nothing to them. Thus, switching the edge over on THESE ISPs is very easy - it's merely a matter of convincing them that the next RFPs they hand out to the CPE vendors must require IPv6. Then, the natural churn will insure that once the IPv6 CPE's are deployed, that over time the subscriber base will become IPv6. The same issues exist with large wisps, (like Clear wimax) it is just an issue of them specing it in their RFP's for CPE gear. 2) medium and small ISPs deploying over DSL, either telco-supplied ADSL networks, or their own SDSL networks over dry pairs. Since they do not have the buying power they can't go to the CPE vendors and make them add IPv6 code. What they do is buy CPE's that have "generic" firmware on them and then resell them to customers. Quite often the CPEs are used, or they are integrated into another device (voice cards, like the Cisco 827-4v) or they are bridge-only (many SDSL modems are like this, ie; Paradyne, old copper mountain networks stuff, etc.) Essentially the only possible way they can get their edge customers IPv6 is to only use DSL modems that can go into bridging, and use additional ethernet-to-ethernet firewalls behind these modems. Since these guys are competing against the large ISPs, there's tremendous price pressure on them already for the CPE - and so it's highly unlikely they are going to want to do that. Thus, switching their edges to IPv6 is NOT easy at all. Small "community" wisps are in an interesting boat - those that build using openwrt or dd-wrt compliant gear are in good shape, that that did not are going to be even less interested in switching over. So really, the issue of edge CPE's is thusly, you should recognize that a vast number of edge customers use the ISP-supplied CPE gear and do NOT purchase additional routers that they would use behind such gear - and with those customers the CPE vendors are indeed selling to ISPs. The remainder do use CPE gear but they are buying it across the board, some are getting cheap consumer gear, others are getting expensive industrial gear (ie: Cisco PIX, or ASA, etc.) > How should ARIN spend its resources to help? > If ARIN really wanted to make a dent they would have to be very, very aggressive. If I was king of the world, in charge of all RIR's, I would immediately cease issuing IP addressing to ALL large ISP networks that did not agree to MANDATE that their CPE vendors include IPv6 code in their new CPE models within a year. In essense, no more IP addressing of any kind to Verizon, Qwest, Comcast, SBC, yadda yadda yadda until those companies signed an agreement stating that from now on, IPv6 will be a required component of all new Cable/DSL/Fios/Wireless CPE gear that they supply to the retail Internet access market. Give them a year to have their CPE vendors get their house in order and then let the boom drop if they don't do it. That will get the edge IPv6-compliant. However, getting the customers to USE IPv6 will be a different matter entirely and it is intimately tied up with the fate of the Windows operating system. Although Win XP "supported" IPv6, it was NOT enabled by default - so IPv6 was a non-starter for the masses. IPv6 -is- enabled in Vista, but there were some initial problems with it and some network adapters, there's also the "localhost" issue with it. Unfortunately this spurred a number of "how to disable IPv6 in Vista" howtos on the Internet as well as a number of misguided people recommending to disable it. However, the one good thing is that in Vista, as well as in Windows 7, Microsoft has made IPv6 a requirement for Windows Meeting Space, as well as Windows Peer to Peer Networking Platform. This is a step in the right direction towards getting people to switch over. For these reasons, getting the edge fully IPv6 compliant is going to take solid Windows 7 penetration which won't happen until 2011 at the least. Ted From michael.dillon at bt.com Tue Sep 29 15:03:23 2009 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 29 Sep 2009 20:03:23 +0100 Subject: [arin-discuss] ipv6 technology supplier phone bank? In-Reply-To: <4AC24644.3060609@ipinc.net> Message-ID: <28E139F46D45AF49A31950F88C49745803568BD7@E03MVZ2-UKDY.domain1.systemhost.net> > If ARIN really wanted to make a dent they would have to be > very, very aggressive. If I was king of the world, in charge > of all RIR's, I would immediately cease issuing IP addressing > to ALL large ISP networks that did not agree to MANDATE that > their CPE vendors include IPv6 code in their new CPE models > within a year. We are a big ISP and when we went to our broadband CPE vendor and asked for IP6 support, it only took them about a month to produce it. Within weeks we had 100 trial broadband users up and running using the upgraded devices. It was a good experience because it pointed out various weak areas, between the CPE and the first real IP router, as well as Operational Support Software (OSS) and IPv6 peering. For the big ISPs, I don't think that CPE is such a big issue. If the need is there then vendors can move quickly. One area that should be fixed is that the Broadband forum is dragging its feet on a standard broadband gateway spec including IPv6. I expect that a lot of CPE vendors are waiting for this and also suspect that lack of ISP input is one thing causing this to lag behind. There are no simple solutions here. It is a tangle of interdependencies between various types of business, various types of technology, and people with varying levels of knowledge. It's the kind of thing where you poke it in order to see what kind of reaction you get, and then deal with whatever comes up. Then poke it again, rinse repeat. Eventually enough of the problem is handled that you can map out clear roadmaps to an endgame. > In essense, no more IP addressing of any kind to Verizon, > Qwest, Comcast, SBC, yadda yadda yadda until those companies > signed an agreement stating that from now on, IPv6 will be a > required component of all new Cable/DSL/Fios/Wireless CPE > gear that they supply to the retail Internet access market. While I wouldn't support that, I think that it would do no harm to get that as a formal proposal before the PPML. That would poke the chaotic web of interdependencies, and provide some targets to deal with. Call it a multi-pronged strategy. I really do expect the market analysts to eventually gain some understanding of this issue and start grilling CFOs and CEOs over their firms readiness for IPv6 deployment. Maybe such a policy proposal will trigger that. > However, the one good thing is that in Vista, as well as in > Windows 7, Microsoft has made IPv6 a requirement for Windows > Meeting Space, as well as Windows Peer to Peer Networking > Platform. This is a step in the right direction towards > getting people to switch over. If you explain this to marketing people and product design people, then the wheels will start spinning in their heads because this is the kind of thing that they understand. We have hidden IPv6 under a bushel in the technical community for too long. Now we need to get other types of people engaged in the task ahead. > For these reasons, getting the edge fully IPv6 compliant is > going to take solid Windows 7 penetration which won't happen > until 2011 at the least. That may be just in time. And if IPv6 will help MS drive Win7 penetration, then they may turn out to be a useful partner in the IPv6 deployment process. Lets get that IPv6 sprint off the ground, make a kit so that it can be done at other tech conferences and then try to get MS to sponsor an IPv6 sprint at one of their many conferences. --Michael Dillon